On Feb 26, 2020, at 14:35, Dan York <y...@isoc.org> wrote:

> While a new RR type is obviously different from a crypto algorithm, the 
> “system upgrade” is similar:
>
> - resolvers have to be upgraded to support the new behavior of the ANAME 
> record

For what it's worth, there are numerous examples of ANAME-like ALIAS
functionality that were implemented on authority servers and have not
needed any changes on recursive servers.

(Recursive servers also don't generally need upgrades to support new RRTypes.)

> - authoritative servers need to be upgraded to process the ANAME record

Yes. In the ALIAS cases that I know of that happened in the form of
product offerings from commercial operators who had a commercial
reason to make them.

> - DNS hosting providers (which can often also be registrars) need to have 
> updated software to allow customers to enter ANAME records

In the enterprise case where it's non-trivial to use multiple providers
because of all the Stupid DNS Tricks you need as a customer, this is
the same as the previous point.

> - DNSSEC signing software may need to be updated to sign the ANAME record 
> (section 4.2 in the ANAME draft notes the sibling resolution that must occur 
> before signing)

DNSSEC wasn't implemented in the cases I'm aware of (at least while I
was paying attention) but if you can generate signatures at response
time I don't think ANAME makes anything more complicated.


Joe

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop