[dns-operations] DNS APIs, was Who Ignores TTLs ?

Andrew Sullivan ajs at shinkuro.com
Thu Feb 17 22:58:08 UTC 2011


On Thu, Feb 17, 2011 at 05:37:11PM -0500, Matthew Pounsett wrote:
> If dns{ext,op} have said they don't want to take it on (honestly, neither one seems quite appropriate to me either), and there doesn't seem to be traction for creating another wg to cover it, then I think DNS-OARC is an entirely appropriate place to try to organize that work.
> 

Shane is right that the IETF response there is undoubtedly going to be
"we do wire protocols, not intra-host stuff."  I don't think it's that
DNSEXT at least does not _want_ to do it (although getting anything
through there is, I guess everyone knows, a bit of a string push), but
rather that we're not chartered to.  

I know of two completely incompatible APIs for getting the DNSSEC data
up out of an application.  SPARTA/Cobham has one in libval
(https://www.dnssec-tools.org/wiki/index.php/DNSSEC_Application_Development),
and the other is in Unbound.  It sure would be nice to get that
together.

It _might_ be that some useful work could go on under the auspices of
the DANE working group, although it is very tightly chartered.

A

-- 
Andrew Sullivan
ajs at shinkuro.com
Shinkuro, Inc.


