Havard Eidnes <Havard.Eidnes@runit.sintef.no> writes: * > * > [mature-tony-1480] host -lt txt as1104.aut-num.ripe.net * > * > AS1104.aut-num.ripe.net TXT 192.16.185.0 * > * > AS1104.aut-num.ripe.net TXT 192.16.186.0 * > * > AS1104.aut-num.ripe.net TXT 192.16.194.0 * > * > AS1104.aut-num.ripe.net TXT 192.16.195.0 * > * > AS1104.aut-num.ripe.net TXT 192.16.199.0 * > * > AS1104.aut-num.ripe.net TXT 192.87.45.0 * > * ... * > * I'm not sure of what a solution to this problem should be, however, o * r * > * whether we just ignore the problem. * > * > That was my feeling too. If people like the idea and we can reliably use * > it for the update procedure then I'll just make sure we either make * > "warning" documentation to use TCP based queries or we put up a good * > resolver. * * I've given this some further thought, and a possibility could be to do it * like this: * * $origin as224.aut-num.ripe.net. * @ IN SOA ... * ; * @ NS ... * @ NS ... * ; * 1 A 32.0.0.0 * 2 A 128.39.0.0 * 3 A 129.177.0.0 * 4 A 129.240.0.0 * ; * * etc. * Hmm... Don't like this too much either sorry. I agree about the labels are immaterial but doesn't really get round the main thing which in my opinion is listing the nets. * Since you are primarily concerned with the value parts of the RRs in the * zone, the labels you use to identify each individual entry is of lesser * concern. This avoids the problem of truncated UDP response packets, but * also removes the possibility to retrieve the network list by using a single * DNS query (over TCP). Instead, one have to use a zone transfer to * accomplish the same task. * * I'm not sure this is a desireable solution... I think the technically more * correct thing would be to deploy/distribute (contribute to BIND) a better * resolver library but it will take a while for it to be widely distributed * (eg. via vendors). * I agree. Anyone know if this will happen in 4.9 or not ? On this whole subject. It appers that from the repsonses I've had the general feeling is not to do the update procedure this way. We will use the standard "centralised" type mechanism based on logins and guarded files and not persure this any further. However as part of this whole idea I plan to leave the ability to list all the nets from the DNS so will generate network lists based on AS so at least the functionality is there for those who want to make use of it. --Tony.