Hello John, On 20 Jul 2017, at 3:17, Woodworth, John R wrote:
Although in practice the name would likely be shorter and potentially include other customer attributes, say acmewabbit-21f-5bff-fec3-ab9d.example.com 1. This shows the owner is example.com, customer acmewabbit 2. Reverse lookups are helpful for tools (e.g. traceroute) and logs.
1 and 2 could be covered with a wildcard PTR, as I think Tony Finch pointed out.
Forget for a moment about IPv6. This draft makes $GENERATE more memory efficient, scales bigger, stays intact through AXFR's and yes -it makes some nameservers (authoritative) work a bit more as a trade-off.
One could make $GENERATE more efficient without actually implementing the BULK RR, by taking your pattern matching logic and implementing it inside the name server. Of course, this makes generating the NSEC/NSEC3 chain much harder than it is with today’s $GENERATE implementations that actually generate all the names.
A very interesting puzzle would be implementing BULK support, based on the pattern matching in the draft, -without- doing NSEC(3) white/black lies - i.e. generating the widest possible NSEC instead of the narrowest one. For NSEC3 I suspect this is not feasible.
Kind regards, -- Peter van Dijk PowerDNS.COM BV - https://www.powerdns.com/ _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop