[dns-operations] Hall of DNS Shame (?)

Mark Andrews marka at isc.org
Wed Jan 25 22:52:19 UTC 2017


In message <m2wpdilthb.wl-randy at psg.com>, Randy Bush writes:
> dlv was an attack to best be ignored.  focus on the doughnut, not the
> hole.

I really don't understand the hate directed at DLV.

It is nothing more than a way to publish and use a collection of
trust anchors that the owners of the zones for the trust anchors
asked us to publish.  If you were downloading a named.conf snippet
with the same set of trust anchors on it daily and reloading named
to incorporate them none of the objectors would be objecting.

Somehow because it was published in the DNS rather than as a text
file it became magically bad.

The IESG accepted that DLV was nothing more than a way to publish
a collection of trust anchors back when RFC 4431 was published.

I don't know if it sped up or slowed down various infrastructure
zones deciding when to start signing.  No one knows.  If we could
contact an alternative universe where DLV never existed assuming a
multiverse and compared the results we might know but we don't have
that ability.

It did provide a mechanism to allow people to publish trust anchors
for their zones when the parent's zone was not signed.  Presumably
some zones got signed earlier because of that.

Mark

> randy
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org


