[dns-operations] Underscore suffix glue record?
Petr Špaček
pspacek at isc.org
Fri Jan 10 09:32:17 UTC 2025
On 06. 01. 25 22:04, Phillip Hallam-Baker wrote:
> Very interesting.
>
> Folk are free to accept or reject my particular proposal to manage DNS
> names and TLS certs (and any other credential) in one service. But I
> think it is very clear that SETTLE and DELEG need to be talking.
>
> I don't think this should be approached as a DNS configuration or TLS
> configuration problem either because IP address assignment comes from
> the network administration, not the devices under management.
>
> I would like to fix TSIG to use public key. But that is pretty much all
> that I would like in DNS extensions and it is not exactly a 'need'.
Perhaps SIG(0) fits the bill for "TSIG to use public key"?
https://datatracker.ietf.org/doc/html/rfc2931
It is implemented in BIND 9.20+.
--
Petr Špaček
Internet Systems Consortium
More information about the dns-operations
mailing list