[net-dns-users] merger NET::DNS::SEC into Net::DNS Re: Release candidate for Net::DNS 0.82

Olafur Gudmundsson ogud at ogud.com
Wed Jan 14 21:16:20 UTC 2015


Dick thank you for your quick reply. 
Even if a full merge is not possible/desirable, I would strongly
argue for a partial merge where all the RRtypes that are currently defined only in 
::Sec be merged into Net::DNS. I.e. everything in directory RR as none of that uses
any crypto. 
Right now anyone that wants to even be able to display DNSKEY record needs to install Net::DNS::SEC 

Olafur 


-----Original Message-----
From: "Dick Franks" <rwfranks at acm.org>
Sent: Wednesday, 14 January, 2015 12:31
To: net-dns-users at nlnetlabs.nl
Subject: Re: [net-dns-users] Release candidate for Net::DNS 0.82

_______________________________________________
net-dns-users mailing list
net-dns-users at nlnetlabs.nl
https://www.nlnetlabs.nl/mailman/listinfo/net-dns-users
Olafur,

Olaf Kolkman and I discussed this prickly topic a few years ago.  The
decision reached then was to leave the distributions as they now are.
Nothing has changed to invalidate the arguments on which that decision was
based.

In many ways it would be far more convenient if the two distributions could
be integrated.  It certainly would make maintenance and regression testing
significantly easier.

However, there are at least 30 countries where the import and/or use of
strong encryption is illegal, can only be done under license, or where the
legal position is uncertain.

Combining the two distributions would either completely preclude the use of
Net::DNS in some territories or expose users to the risk of prosecution
because the distribution contains illegal content even if not required for
whatever it is they are attempting to do.

Packaging Net::DNS::SEC as an optional extension maximises the availability
of Net::DNS and ensures that enabling the cryptographic components requires
a deliberate installation step for which the individual user then becomes
legally responsible.


Dick
________________________


On 14 January 2015 at 15:49, Olafur Gudmundsson <ogud at ogud.com> wrote:

> While slightly off topic.
> Are there plans to roll Net::DNS::SEC into this distribution,
> in modern times it is strange to have DNSSEC records in one distribution
> but newly defined records in this one.
> DNSSEC is now stable protocol and should be considered integral part of
> DNS.
>
>     Olafur
>
>
> > On Jan 13, 2015, at 8:34 AM, Willem Toorop <willem at NLnetLabs.nl> wrote:
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Dear users of Net::DNS,
> >
> > We have a candidate for the upcoming single bugfix/feature release 0.82
> > of Net::DNS.
> >
> > This release adds support for upstream nameservers to be specified as
> > IPv6 link-local addresses with scope_id; either directly on Resolver
> > construction or with the nameservers method, or via a nameserver keyword
> > in a resolver configuration file ( /etc/resolv.conf ).
> >
> > Please review carefully. If no issues arise, the actual release will
> > follow Tuesday the 20th of January 2015.
> >
> > link  http://www.net-dns.org/download/Net-DNS-0.81_01.tar.gz
> > sha1  e69a928219eb72ecd89855c8b239d823a24424f5
> >
> > Changes
> > =======
> > Fix rt.cpan.org #100385
> >
> >       Support for IPv6 link-local addresses with scope_id
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1
> >
> > iQIcBAEBAgAGBQJUtR75AAoJEOX4+CEvd6SYyBIP/3gy65xbTS3xdeqbvUNYtxgi
> > NN3iIVcL2KDOjfaeav5pPK7oZjvwOhZzZTbhLynrVWKZz3xe2qWDcFZ2E7IudEsa
> > EtrfIXpNJ5AFz/BBiR4/k/WEXEQEuhyKes8lKfgbUQXtKKXYRbP2wqnjF/s/uxUy
> > uZKRzy4U2UjgMGtxPN8lPF6TzKykEOlR3uiSa1k2j8uvNFxZa4SkPq9PYLa1oClA
> > ezegAQsPRWhFeUiqPbhnRXHNOGYOyyiBVwwAHyjoDmEPE7nDD3lnpnnB+TOlfqfD
> > 407xo340a4K6vKEqw8pTgRjZRwzok+/e22ibIU7aEevYT3bJQpssMcSVSEiKH5Sb
> > aGotr7CO+/THi3u/Hk3VnGuiqBnckgQFKaeOJJOy+9tAqhT7dXSQ4kXM6igYtay4
> > X4I8daVYw0XlTGMHIVTEMhdCz437d7+NXB7KrhzodM2UZrAf6et5TuTLrqFkERYK
> > BhPWkR3g0nNrK7phd+zKNDlnE8rYHFTfEby8XPQS9IY+7PomQE/5r3CPJ8edcDVH
> > zk7Ep5MS4K1uuGC4egYk75+2O3S1RTeJSxhMc6qz1LmAIrWjpOcsVUryhojGgtqg
> > 3pHtjPDcvnddTUqxjywVwyG+Ek+ZUEFbSKzbJyNEMm6KSB1e9gmUjyOJidGuq6Z+
> > wCo5q4l+alw2W1OWTRD4
> > =NMkT
> > -----END PGP SIGNATURE-----
> > _______________________________________________
> > net-dns-users mailing list
> > net-dns-users at nlnetlabs.nl
> > https://www.nlnetlabs.nl/mailman/listinfo/net-dns-users
>
> _______________________________________________
> net-dns-users mailing list
> net-dns-users at nlnetlabs.nl
> https://www.nlnetlabs.nl/mailman/listinfo/net-dns-users
>




More information about the net-dns-users mailing list