a detour DANE, was A Deep Dive on the Recent Widespread DNS Hijacking

Mark Andrews marka at isc.org
Wed Feb 27 21:17:12 UTC 2019

> On 28 Feb 2019, at 7:28 am, Måns Nilsson <mansaxel at besserwisser.org> wrote:
> Subject: Re: a detour DANE, was A Deep Dive on the Recent Widespread DNS Hijacking Date: Wed, Feb 27, 2019 at 01:07:09PM -0500 Quoting John Levine (johnl at iecc.com):
>> In article <20190227161327.GA27527 at besserwisser.org> you write:
>>> that is RFC 7208.[0]
>>> [0] This document tries to deprecate RRTYPE 99 for SPF. By stating that
>>> only TXT records can be trusted. ...
>> This must be a very different RFC 7208 from the one that the IETF published.
>> The IETF one says that nobody used type 99, and some of the few implementations
>> we saw were broken, so we deprecated it.
> We will never agree on that.  Because I think you were, and are,
> wrong. Mostly out of eagerness and lack of patience.

Agreed.  Additionally it suddenly went from something being done along
with an experiment to being “an experiment on can you transition to a new
type”.  The transition to type99 was well underway.  The libraries that
supported it were being deployed.  New MTAs were using them.
Type99 was being published. There was BS about not interoperating with
old libraries that only looked for TXT records.  The only response to that
should have been “doh, go update the code” and maybe set a date for stopping
falling back to TXT.

> I'm fairly certain you think I have no idea what I'm talking about. But,
> to rehash, a little less subtle:
> My point was that the general state of criminal ignorance about the
> finer nuances of DNS is so widespread that around 2038 we'll have an
> abstraction layer entirely built out of mile-long CNAME chains, because
> nobody remembers any other record type. CNAMEs we tried to forget too,
> replacing them with something out of the olde annals of Compuserve, but
> since the golden standard of resiliency and load balancing is a chain
> of them pointing into a bookstore's spare servers, we really can't do
> without them.
> -- 
> Måns Nilsson     primary/secondary/besserwisser/machina
> MN-1334-RIPE           SA0XLR            +46 705 989668
> Don't worry, nobody really LISTENS to lectures in MOSCOW, either! ...

Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka at isc.org
