QWEST.NET can you fix your nameservers

Mark Andrews marka at isc.org
Fri Sep 16 00:28:42 UTC 2016


In message <CAP-guGWXqBuUUak=HgqckFqS2Pgxa0e30RQ_G=qQNQ_C-hagbA at mail.gmail.com>
, William Herrin writes:
> On Thu, Sep 15, 2016 at 7:30 PM, Mark Andrews <marka at isc.org> wrote:
> > Then there is SPF.  A fair portion of the reason why the SPF record
> > failed, despite it being architecturally cleaner than using TXT
> > records, is that some nameservers gave bad responses to SPF queries.
> 
> Hi Mark,
> 
> I'm going to stop you there. The SPF record type failed because
> resolvers can't pass requests between clients and authoritative
> servers unless they can parse them. New DNS record types essentially
> require a universal software upgrade before they work. And universal
> software upgrades do not happen well or in anything approaching a
> timely manner. The next new DNS record type will fail for the same
> reason. And the one after that.

Again lack of DNS compliance.  Go read STD 13 then tell me that
Microsoft ships a standards compliant resolver.  They still don't
last time I checked.

Libresolv could look up any <qname,qtype,class> tuple from back
when the UCB developed it.

You *never* needed universal support for new types. It is a myth.
You just need the authoritative servers to support the type and the
client to support the type.  Everything else treated it as an opaque
blob.  That is why compression pointers were only allowed for well
known types.  That is why records have a length field.  What STD
13 missed was a presentation format for unknown types.

There were implementations that got that wrong, including named,
but we fixed that well before SPF ever became an issue.

We have RFC 3597 which allows authoritative servers to load and
save records they don't know the internal structure of.  This was
published in September 2003.  All the major DNS vendors support it.
This addressed the oversight in STD 13.

You have lazy operators that haven't designed their web tools to
support RFC 3597.

Mark

> TXT is the DNS record type that's extensible without a software
> upgrade. Like it or lump it.
> 
> Regards,
> Bill Herrin
> 
> 
> -- 
> William Herrin ................ herrin at dirtside.com  bill at herrin.us
> Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
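
Added example, not part of the original message or of any ISC code: a sketch of the opaque handling described above, walking the records of a DNS message by RDLENGTH alone and printing each in the RFC 3597 generic presentation format without knowing the type. The function names and the sample response (an SPF, type 99, answer for example.com) are constructed for illustration.

```python
import struct

def read_name(msg, off, hops=0):
    """Decode a possibly compressed owner name; return (labels, next offset)."""
    labels = []
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:          # compression pointer: 2 octets, ends the name
            if hops > 16:
                raise ValueError("compression pointer loop")
            target = struct.unpack_from("!H", msg, off)[0] & 0x3FFF
            return labels + read_name(msg, target, hops + 1)[0], off + 2
        if n == 0:                    # root label ends the name
            return labels, off + 1
        labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n

def generic_rrs(msg):
    """Walk every RR using only RDLENGTH; RDATA is never interpreted."""
    qd, an, ns, ar = struct.unpack_from("!4H", msg, 4)
    off = 12
    for _ in range(qd):               # question entry: name + qtype + qclass
        off = read_name(msg, off)[1] + 4
    out = []
    for _ in range(an + ns + ar):
        labels, off = read_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        rdata = msg[off:off + rdlen]
        if len(rdata) != rdlen:
            raise ValueError("truncated RDATA")
        off += rdlen                  # the length field is all that is needed to skip
        blob = f"\\# {rdlen}" + (f" {rdata.hex()}" if rdlen else "")
        owner = ".".join(labels) + "."
        out.append(f"{owner} {ttl} CLASS{rclass} TYPE{rtype} {blob}")
    return out

def sample_response():
    """Constructed response: example.com. SPF (type 99) 'v=spf1 -all'."""
    header = struct.pack("!6H", 0x1234, 0x8400, 1, 1, 0, 0)
    question = b"\x07example\x03com\x00" + struct.pack("!HH", 99, 1)
    txt = b"v=spf1 -all"
    rdata = bytes([len(txt)]) + txt   # one character-string
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 99, 1, 3600, len(rdata)) + rdata
    return header + question + answer

if __name__ == "__main__":
    print("\n".join(generic_rrs(sample_response())))
```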


