[nsd-users] DS algorithm as mnemonic
Dmitry Kohmanyuk
dk at hostmaster.ua
Wed Feb 29 00:40:55 UTC 2012
On Feb 28, 2012, at 2:19 AM, Peter Koch wrote:
> On Tue, Feb 28, 2012 at 11:00:23AM +0100, Matthijs Mekking wrote:
>
>> This is correct. NSD only had up to RSASHA1 in its dns algorithm
>> table. Newer algorithms were never added due to backwards
>> incompatibility concerns.
>
> strictly speaking, section 5.3 of RFC 4034 limits the mnemonic
> representation to those present in that RFC's appendix and does
> not extend it to future (including those defined in 5702 and 5933)
> code point assignments. From the point of view of an authoritative
> server this makes sense since it doesn't have to understand (or
> recognize) the algorithm used to properly serve the correct
> DNSKEY and RRSIG RRs.
>
>> However, we could allow newer mnemonics when reading in a zone (more
>> user friendly), and when writing always print the unsigned integer
>> value (more consistent, backwards compatible).
>
> +1 for the latter and 'not sure' about the former. Another potential
> abuse of the robustness principle at the horizon ...
It would be consistent to always write numbers out; also easier to compare with dig output.
Writing new names can cause problems with parsing of zone by other tools.
For reading, understanding of entire set of IANA-registered mnemonics feels like a right thing.
"Be liberal in what you accept..."
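As an added illustration of the policy discussed in this thread (accept any registered mnemonic or integer on input, always emit the integer on output), here is a small DS-record reader/writer. It is example code written for this page, not NSD's parser; the mnemonic table is the IANA DNS Security Algorithm Numbers registry (RFC 4034 appendix plus later registrations such as RFC 5702 and RFC 5933), and the record format handled is the common `owner [ttl] [IN] DS keytag algorithm digesttype digest` presentation form.

```python
import re

# IANA "DNS Security Algorithm Numbers" mnemonics: the RFC 4034 appendix set
# plus later registrations (e.g. 8/10 from RFC 5702, 12 from RFC 5933).
ALGORITHM_MNEMONICS = {
    "RSAMD5": 1, "DH": 2, "DSA": 3, "RSASHA1": 5, "DSA-NSEC3-SHA1": 6,
    "RSASHA1-NSEC3-SHA1": 7, "RSASHA256": 8, "RSASHA512": 10, "ECC-GOST": 12,
    "ECDSAP256SHA256": 13, "ECDSAP384SHA384": 14, "ED25519": 15, "ED448": 16,
    "INDIRECT": 252, "PRIVATEDNS": 253, "PRIVATEOID": 254,
}

def parse_algorithm(token: str) -> int:
    """Accept an unsigned integer 0-255 or a registered mnemonic (any case)."""
    if token.isascii() and token.isdigit():
        value = int(token)
        if value > 255:
            raise ValueError(f"algorithm {token} out of range")
        return value
    try:
        return ALGORITHM_MNEMONICS[token.upper()]
    except KeyError:
        raise ValueError(f"unknown algorithm mnemonic {token!r}") from None

# owner, optional TTL, optional class IN, then the four DS RDATA fields.
_DS_RE = re.compile(r"^(\S+)\s+(?:(\d+)\s+)?(?:IN\s+)?DS\s+(\d+)\s+(\S+)\s+(\d+)\s+(.+)$")

def parse_ds(line: str) -> dict:
    """Parse one DS RR in presentation format; digest may contain whitespace."""
    m = _DS_RE.match(line.strip())
    if not m:
        raise ValueError("not a DS record")
    owner, ttl, keytag, alg, dtype, digest = m.groups()
    return {"owner": owner, "ttl": int(ttl) if ttl else None,
            "keytag": int(keytag), "algorithm": parse_algorithm(alg),
            "digest_type": int(dtype), "digest": "".join(digest.split()).upper()}

def format_ds(rr: dict) -> str:
    """Always write the integer algorithm value, never a mnemonic."""
    ttl = f" {rr['ttl']}" if rr["ttl"] is not None else ""
    return (f"{rr['owner']}{ttl} IN DS {rr['keytag']} {rr['algorithm']} "
            f"{rr['digest_type']} {rr['digest']}")

# Constructed sample line, not taken from the thread.
SAMPLE_DS = "example.net. 3600 IN DS 12345 RSASHA256 2 0123 ABCD"
```

Round-tripping `SAMPLE_DS` through `format_ds(parse_ds(...))` yields `example.net. 3600 IN DS 12345 8 2 0123ABCD`, which is directly comparable with what `dig` prints.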