nanog mailing list archives
Re: a detour DANE, was A Deep Dive on the Recent Widespread DNS Hijacking
From: Mark Andrews <marka () isc org>
Date: Thu, 28 Feb 2019 12:57:45 +1100
On 28 Feb 2019, at 9:03 am, John R. Levine <johnl () iecc com> wrote:

> On Thu, 28 Feb 2019, Mark Andrews wrote:
>> Agreed. Additionally it suddenly went from something being done along with an experiment to being “an experiment on can you transition to a new type”. The transition to type99 was well underway.
>
> ...
>
> No, really, we had numbers. Approximately nobody was using it, and of the few that were, they were querying just one or just the other and getting wrong results thereby.
>
> In general I completely agree that new applications should have new rrtypes. That's why I wrote my extension language, to help add new types to the provisioning crudware that is the actual blocking factor on new types. (The actual servers are all updated pretty quickly.)
>
> But trying to retrofit a new type to an application that was already (albeit unwisely) using TXT was a losing battle.
Actually it was a battle that could have easily been won. People just gave up way too soon. Doing stuff like synthesising SPF records from spf style TXT records in the primary server and setting an end date for transition would have worked.

We didn’t do that because we didn’t think of it as a battle. We were also blindsided by the decision to treat the change as an experiment in how to migrate types when it was never intended to be. If one was after a fast transition there was lots more that could have been done.

DLV transitioned types (we started out with a user assigned type). DNS COOKIE transitioned EDNS code points (started out with a user assigned code point). It’s perfectly doable.

SMTP transitioned from A to MX. We no longer publish A records just in case some MTA doesn’t support MX anymore. I can remember having to do that. SPF could have been the same except people were impatient and had unrealistic expectations of how long it would take.
> Regards,
> John Levine, johnl () iecc com, Primary Perpetrator of "The Internet for Dummies",
> Please consider the environment before reading this e-mail. https://jl.ly
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka () isc org
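
An added illustration, not part of the message above and not taken from any name server's code: a sketch of synthesising SPF (type 99) records from SPF-style TXT records on the primary, which also flags owner names where the two types already disagree. The zone is modelled as plain tuples; the function names and sample records are hypothetical and constructed for this example.

```python
from collections import defaultdict

def is_spf_policy(rdata):
    """A TXT string is an SPF policy if it is 'v=spf1' alone or followed by a space."""
    s = rdata.lower()
    return s == "v=spf1" or s.startswith("v=spf1 ")

def synthesize_spf(zone):
    """zone: list of (owner, ttl, rtype, rdata). Returns (new_zone, report)."""
    txt, spf = defaultdict(list), defaultdict(set)
    for owner, ttl, rtype, rdata in zone:
        key = owner.lower()  # owner names compare case-insensitively
        if rtype == "TXT" and is_spf_policy(rdata):
            txt[key].append((ttl, rdata))
        elif rtype == "SPF":
            spf[key].add(rdata)

    added, report = [], {}
    for key in sorted(set(txt) | set(spf)):
        policies = {rdata for _, rdata in txt[key]}
        if not policies:
            report[key] = "spf_without_txt"   # type 99 only: TXT-only clients see nothing
        elif not spf[key]:
            # Copy each policy into a type 99 record with the same TTL and rdata.
            added += [(key, ttl, "SPF", rdata) for ttl, rdata in txt[key]]
            report[key] = "synthesized"
        elif spf[key] == policies:
            report[key] = "in_sync"
        else:
            # Clients get a different policy depending on which type they query.
            report[key] = "mismatch"
    return list(zone) + added, report

# Constructed sample zone data.
ZONE = [
    ("example.com.", 3600, "TXT", "v=spf1 mx -all"),
    ("example.com.", 3600, "TXT", "site-verification=constructed-token"),
    ("mail.example.com.", 300, "TXT", "v=spf1 a -all"),
    ("mail.example.com.", 300, "SPF", "v=spf1 a ~all"),
    ("old.example.com.", 300, "SPF", "v=spf1 -all"),
    ("spf10.example.com.", 300, "TXT", "v=spf10 not-a-policy"),
]

if __name__ == "__main__":
    new_zone, report = synthesize_spf(ZONE)
    for owner, status in report.items():
        print(owner, status)
```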