Inline-signing feature request: Directly set the signed zone's serial number

Chris Thompson cet1 at cam.ac.uk
Sat Oct 18 18:40:25 UTC 2014


On Oct 17 2014, Darcy Kevin (FCA) wrote:

>FYI,
>	If you had to do this all over again, and your tools are flexible
>enough to handle arbitrary RRTYPEs, you might consider using a "private"
>RRTYPE (in the 65280-65534 range). See 
>http://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-4
>and/or http://tools.ietf.org/html/rfc6895.
>
>Repurposing HINFO for something other than expressing host-related info,
>is just downright confusing/surprising. Principle of Least Astonishment.

Well, yes ... in an ideal world. Which this is not!

It is perhaps only a convenience that BIND and its utilities (named-checkzone
and nsupdate, in this context) process HINFO records in a convenient-to-humans
text format.

But the issue of having to support Windows DNS Server implementations as
stealth slaves was a very real issue for us. I am not clear that even the
most recent versions fully support unknown record types in the style of
RFC3597. The ones we were having to deal with at the time most certainly
did not!

As for the Principle of Least Astonishment, I could replace

>1. No-one wants to use HINFO at a zone apex for any other reason.

with

1'. (Almost) no-one uses HINFO for its original purpose anywhere in
    the DNS.

and I think I might get away with it.

-- 
Chris Thompson
Email: cet1 at cam.ac.uk


More information about the bind-users mailing list