Hello John,

On 20 Jul 2017, at 3:17, Woodworth, John R wrote:

Although in practice the name would likely be shorter and potentially
include other customer attributes,
say acmewabbit-21f-5bff-fec3-ab9d.example.com

   1. This shows the owner is example.com, customer acmewabbit
   2. Reverse lookups are helpful for tools (e.g. traceroute)
      and logs.

1 and 2 could be covered with a wildcard PTR, as I think Tony Finch pointed out.

Forget for a moment about IPv6.  This draft makes $GENERATE more
memory efficient, scales bigger, stays intact through AXFR's
and yes -it makes some nameservers (authoritative) work a bit more
as a trade-off.

One could make $GENERATE more efficient without actually implementing the BULK RR, by taking your pattern matching logic and implementing it inside the name server. Of course, this makes generating the NSEC/NSEC3 chain much harder than it is with today’s $GENERATE implementations that actually generate all the names.

A very interesting puzzle would be implementing BULK support, based on the pattern matching in the draft, -without- doing NSEC(3) white/black lies - i.e. generating the widest possible NSEC instead of the narrowest one. For NSEC3 I suspect this is not feasible.

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to