On 22 July 2017 at 17:40, Woodworth, John R <john.woodwo...@centurylink.com> wrote:
> > From: DNSOP [mailto:dnsop-boun...@ietf.org] On Behalf Of Matthew Pounsett
> >
> > > On 20 July 2017 at 17:53, John R Levine <jo...@taugh.com> wrote:
> > > > That's why I don't share the fears about BULK: you cannot easily
> > > > deploy a new feature that will require a change in the resolvers,
> > > > because you don't know all the resolvers, and cannot change them even
> > > > if you know they are too old. But your secondaries are only a small
> > > > set of carefully chosen servers, and you have your say.
> > >
> > > I hear otherwise from people who run big DNS farms. It's common to
> > > use multiple secondary providers, and it's hard to tell who's running
> > > what server software. I also note that it took about a decade before
> > > people felt comfortable using DNAMEs.
> > >
> >
> > Hi Matthew,
> >
> > Thanks for your comments.
> >
> > I hear and understand your concerns. We have similar concerns but
> > *I* feel we could offer a phased-in approach to set everyone's
> > expectations appropriately. If one chooses to step ahead of the phase
> > at least they'd have an idea what troubles await them.
>

Something's wrong with your email client. Your quoted text above was not me.

> > > Dear $VENDOR.
> > >
> > > I'm a customer who is considering deploying the BULK RR type into my
> > > zone, and I would like to know whether your systems support it.
> > >
> > > Thank you,
> > > $CUSTOMER.
> > >
> > >
> > > That said.. there is still an issue with key distribution for online
> > > signing which is required to make this work. I see the utility in
> > > BULK, but I'm persuaded that there needs to be more work before it's
> > > deployable in an environment where *XFR is required.
> > >
> >
> > Online signing in this environment will not be possible until this
> > is solved but I believe the phased in approach would give us the time
> > to solve for it without delaying insecure deployment (phase1).
> >
>

What's your mechanism for enforcing (or even signalling) this phased approach in the DNS?
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop