> From: DNSOP [mailto:dnsop-boun...@ietf.org] On Behalf Of Matthew Pounsett
>
> > On 20 July 2017 at 17:53, John R Levine <jo...@taugh.com> wrote:
> > That's why I don't share the fears about BULK: you cannot easily
> > deploy a new feature that will require a change in the resolvers,
> > because you don't know all the resolvers, and cannot change them even
> > if you know they are too old. But your secondaries are only a small
> > set of carefully chosen servers, and you have your say.
>
> I hear otherwise from people who run big DNS farms.  It's common to
> use multiple secondary providers, and it's hard to tell who's running
> what server software.  I also note that it took about a decade before
> people felt comfortable using DNAMEs.
>

Hi Matthew,

Thanks for your comments.

I hear and understand your concerns.  We have similar concerns, but
*I* feel we could offer a phased-in approach to set everyone's
expectations appropriately.  If one chooses to step ahead of the phase,
at least they'd have an idea what troubles await them.

>
> Dear $VENDOR.
>
> I'm a customer who is considering deploying the BULK RR type into my
> zone, and I would like to know whether your systems support it.
>
> Thank you,
> $CUSTOMER.
>
>
> That said, there is still an issue with key distribution for online
> signing which is required to make this work.   I see the utility in
> BULK, but I'm persuaded that there needs to be more work before it's
> deployable in an environment where *XFR is required.
>

Online signing in this environment will not be possible until this
is solved, but I believe the phased-in approach would give us the time
to solve for it without delaying insecure deployment (phase1).


Thanks,
John