[dns-operations] unknown rrs and xfr (was Re: Recommended zone serial number format for over 100 changes / day)

John Levine johnl at taugh.com
Wed Apr 6 15:12:16 UTC 2016


>I didn't invent the requirement and I'm not adding it; DNAME and DNSSEC are
>the precedent - and they only work when you upgrade the servers. They break
>when you don't. Future RRtypes may repeat this, so it's good and sensible
>operations to accommodate that.

There are about 100 RRTYPEs defined. The last new RRTYPE that needed
server support was NSEC3, published in 2008 and cast in concrete a
year before that.  The last before that was NSEC/RRSIG/DNSKEY in 2003,
and DNAME in 1999.  Since 2003 there have been about two dozen other
new RRTYPEs that existing servers could handle with no trouble.

If you as a zone operator decide to use whizzo new DNS features, part
of your job is to check that your servers are able to support them.
As often as not these days all of the visible servers are slaves of a
hidden master, so master vs. slave is not interesting.

I started to sign my zones last year, and one of the things I had to
do was to be sure that the slave server I do not operate myself was up
to date enough to handle it (it was.)  This is not new, or difficult,
or unusual.

If you still think that RFC 3597 was a mistake, write a draft to
reverse it and see if you can get it adopted.  But I wouldn't hold my
breath.

R's,
John


