a detour DANE, was A Deep Dive on the Recent Widespread DNS Hijacking

Mark Andrews marka at isc.org
Thu Feb 28 01:57:45 UTC 2019



> On 28 Feb 2019, at 9:03 am, John R. Levine <johnl at iecc.com> wrote:
> 
> On Thu, 28 Feb 2019, Mark Andrews wrote:
>> Agreed.  Additionally it suddenly went from something being done along
>> with an experiment to being “an experiment on can you transition to a new
>> type”.  The transition to type99 was well underway. ...
> 
> No, really, we had numbers.  Approximately nobody was using it, and of the few that were, they were querying just one or just the other and getting wrong results thereby.
> 
> In general I completely agree that new applications should have new rrtypes. That's why I wrote my extension language, to help add new types to the provisioning crudware that is the actual blocking factor on new types.  (The actual servers are all updated pretty quickly.)  But trying to retrofit a new type to an application that was already (albeit unwisely) using TXT was a losing battle.

Actually it was a battle that could have easily been won.  People just gave up
way too soon.  Doing stuff like synthesising SPF records from SPF-style TXT
records in the primary server and setting an end date for the transition would have
worked.  We didn’t do that because we didn’t think of it as a battle.  We were
also blindsided by the decision to treat the change as an experiment in how to
migrate types when it was never intended to be.  If one was after a fast transition
there was lots more that could have been done.

DLV transitioned types (we started out with a user assigned type).
DNS COOKIE transitioned EDNS code points (started out with a user assigned code
point).

It’s perfectly doable.

SMTP transitioned from A to MX.  We no longer publish A records just in case some
MTA doesn’t support MX anymore.  I can remember having to do that.  SPF could have
been the same except people were impatient and had unrealistic expectations of how
long it would take.

> Regards,
> John Levine, johnl at iecc.com, Primary Perpetrator of "The Internet for Dummies",
> Please consider the environment before reading this e-mail. https://jl.ly

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka at isc.org
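The transition step Mark describes above (a primary server synthesising type-99 SPF records from v=spf1 TXT records) and the failure John describes (zones publishing both types with different contents, so a resolver that asks for only one gets a different answer) can both be shown on a small zone. The following is an added example, not code from the thread, from ISC or from BIND; the zone text, the owner names under .test and the function names are all constructed for illustration.

```python
"""Synthesise type-99 SPF records from v=spf1 TXT records and flag divergence.

Added example for the thread above; it is not ISC/BIND code.  It models the
transition step where the primary derives SPF RRs from SPF-style TXT records,
and also checks for owners whose TXT and SPF policies have drifted apart.
The zone text below is constructed; the .test names are not real domains.
"""
import re
from collections import defaultdict

# Constructed sample zone in presentation format (TXT/SPF lines only).
SAMPLE_ZONE = """\
example.test.        3600 IN TXT "v=spf1 mx a:mail.example.test -all"
example.test.        3600 IN TXT "some-other-verification=abc123"
old.example.test.    3600 IN TXT "v=spf1 ip4:192.0.2.0/24 -all"
old.example.test.    3600 IN SPF "v=spf1 ip4:192.0.2.0/24 ~all"
done.example.test.   3600 IN SPF "v=spf1 -all"
done.example.test.   3600 IN TXT "v=spf1 -all"
"""

# One resource record per line: owner, TTL, class IN, TXT or SPF, quoted rdata.
RR_LINE = re.compile(
    r'^(?P<owner>\S+)\s+(?P<ttl>\d+)\s+IN\s+(?P<type>TXT|SPF)\s+(?P<rdata>".*")\s*$'
)


def parse_zone(text):
    """Return {owner: {type: [(ttl, rdata), ...]}} for the TXT/SPF lines.

    Lines of any other type are ignored.  Several quoted character-strings on
    one line are concatenated, which is how SPF treats a multi-string record.
    """
    rrsets = defaultdict(lambda: defaultdict(list))
    for line in text.splitlines():
        m = RR_LINE.match(line)
        if not m:
            continue
        strings = re.findall(r'"((?:[^"\\]|\\.)*)"', m.group("rdata"))
        rdata = "".join(strings)
        rrsets[m.group("owner")][m.group("type")].append(
            (int(m.group("ttl")), rdata)
        )
    return rrsets


def is_spf_policy(rdata):
    """True for a record whose version tag is exactly v=spf1 (case-insensitive).

    The tag must be followed by a space or end of string; "v=spf10" is not SPF.
    """
    lowered = rdata.lower()
    return lowered == "v=spf1" or lowered.startswith("v=spf1 ")


def synthesise_spf(rrsets):
    """Emit SPF (type 99) RRs for owners that have a v=spf1 TXT but no SPF RRset.

    Owners that already publish SPF records are left untouched: the operator,
    not the synthesiser, owns those.  Returns presentation-format lines.
    """
    out = []
    for owner in sorted(rrsets):
        if rrsets[owner].get("SPF"):
            continue
        for ttl, rdata in rrsets[owner].get("TXT", []):
            if is_spf_policy(rdata):
                out.append(f'{owner} {ttl} IN SPF "{rdata}"')
    return out


def divergent_owners(rrsets):
    """Owners publishing both a TXT and an SPF policy whose contents differ.

    In this state a verifier querying only one type gets a different answer
    from one querying only the other.
    """
    bad = []
    for owner, by_type in sorted(rrsets.items()):
        txt = sorted(r for _, r in by_type.get("TXT", []) if is_spf_policy(r))
        spf = sorted(r for _, r in by_type.get("SPF", []) if is_spf_policy(r))
        if txt and spf and txt != spf:
            bad.append(owner)
    return bad


if __name__ == "__main__":
    zone = parse_zone(SAMPLE_ZONE)
    for line in synthesise_spf(zone):
        print("synthesised:", line)
    for owner in divergent_owners(zone):
        print("TXT/SPF policies differ for", owner)
```

On the constructed zone, only example.test. gets a synthesised SPF record (it has a v=spf1 TXT and no SPF), done.example.test. is left alone because its two records already agree, and old.example.test. is reported as divergent because its TXT says -all while its SPF says ~all. Running a check like the last one against a zone on every load is the kind of safeguard that would have kept the "querying one or the other and getting wrong results" situation from arising during a managed transition.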




More information about the NANOG mailing list