Re: [dns-operations] root? we don't need no stinkin' root!

2019-11-27 Thread Ondřej Surý
> On 28 Nov 2019, at 08:09, Florian Weimer wrote: > > * Ondřej Surý: > >>> On 27 Nov 2019, at 23:08, Florian Weimer wrote: >>> * Mark Allman: >>> Let me try to get away from what is or is not "big" and ask two questions. (These are legit questions to me. I have studied the

Re: [dns-operations] root? we don't need no stinkin' root!

2019-11-27 Thread Florian Weimer
* Ondřej Surý: >> On 27 Nov 2019, at 23:08, Florian Weimer wrote: >> >> What's the change rate for the root zone? > > https://twitter.com/diffroot Selective quoting does not help to further the discussion. Raw change rates do not tell us if zones keep at least some of their servers at

Re: [dns-operations] root? we don't need no stinkin' root!

2019-11-27 Thread Ondřej Surý
> On 27 Nov 2019, at 23:08, Florian Weimer wrote: > > What's the change rate for the root zone? https://twitter.com/diffroot O. -- Ondřej Surý ond...@sury.org

Re: [dns-operations] root? we don't need no stinkin' root!

2019-11-27 Thread Florian Weimer
* Jared Mauch: >> On Nov 27, 2019, at 5:26 PM, Florian Weimer wrote: >> >> What's the change rate for the root zone? If there is a full >> transition of the name server addresses for a zone, how long does it >> typically take from the first change to the completion of the sequence >> of

Re: [dns-operations] Questions on private nameservers registration

2019-11-27 Thread Wesley Peng
One more question, can I put DE glues into another domain registry's zone? For example, the COM's. Regards. on 2019/11/26 9:41, Wesley Peng wrote: John, on 2019/11/26 9:35, John W. O'Brien wrote: Are ns{1,2}.wsly.de authoritative for wsly.de? Then glue is required in DE. Otherwise

Re: [dns-operations] [Solved] (not just) Quad9 denial of existence for _25._tcp.mx1.p01.antagonist.nl IN TLSA

2019-11-27 Thread Viktor Dukhovni
Root cause found, the antagonist.nl domain has 3 listed nameservers: ns1.antagonist.nl. ns2.antagonist.net. ns3.antagonist.de. but the IP address returned by the actual antagonist.de zone: ns3.antagonist.de. IN A 139.162.173.192 differs from the glue record returned from the

Re: [dns-operations] root? we don't need no stinkin' root!

2019-11-27 Thread Jared Mauch
> On Nov 27, 2019, at 5:26 PM, Florian Weimer wrote: > > What's the change rate for the root zone? If there is a full > transition of the name server addresses for a zone, how long does it > typically take from the first change to the completion of the sequence > of changes? There are

Re: [dns-operations] root? we don't need no stinkin' root!

2019-11-27 Thread Florian Weimer
* Mark Allman: > Let me try to get away from what is or is not "big" and ask two > questions. (These are legit questions to me. I have studied the > DNS a whole bunch, but I do not operate any non-trivial part of the > DNS and so that viewpoint is valuable to me.) > > (1) Setting aside history

Re: [dns-operations] root? we don't need no stinkin' root!

2019-11-27 Thread David Conrad
Petr, > I think there is even more fundamental problem: > Someone has to pay operational costs of “the new system”. The “new system” is simply the existing network of resolvers, augmented to have the root zone. As far as I can tell, the operational cost would be in (a) ensuring the resolver

Re: [dns-operations] root? we don't need no stinkin' root!

2019-11-27 Thread Fred Morris
I've been following this thread, and I'm well aware of the massive amounts of NXDOMAIN stuff. I don't know enough about this specific issue. But there are things which happen in Browser Land which would lead me to naively conclude the people making browsers don't understand DNS. Two recent

Re: [dns-operations] root? we don't need no stinkin' root!

2019-11-27 Thread Wessels, Duane via dns-operations
> On Nov 25, 2019, at 1:23 PM, Bill Woodcock wrote: > >> On Nov 25, 2019, at 9:54 PM, Florian Weimer wrote: >> The query numbers are surprisingly low. To me at last. > > Duane Wessels did a good study some time ago of queries to the root. I > believe over 99% were

Re: [dns-operations] root? we don't need no stinkin' root!

2019-11-27 Thread Wessels, Duane via dns-operations
> On Nov 25, 2019, at 2:19 PM, Florian Weimer wrote: > > * Jim Reid: > >>> On 25 Nov 2019, at 20:54, Florian Weimer wrote: >>> Is it because of the incoming data is interesting? >> >> Define interesting. > > The data could have monetary value. Passwords that are

Re: [dns-operations] root? we don't need no stinkin' root!

2019-11-27 Thread Petr Špaček
On 26. 11. 19 12:46, David Conrad wrote: > On Nov 26, 2019, at 11:33 AM, Jim Reid > wrote: >>> On 26 Nov 2019, at 09:16, Florian Weimer >> > wrote: >>> >>> Up until recently, well-behaved recursive resolvers had to forward >>> queries to the

Re: [dns-operations] root? we don't need no stinkin' root!

2019-11-27 Thread Petr Špaček
On 27. 11. 19 9:53, Ondřej Surý wrote: > Mark, > > I believe that any distributed system that won’t have a fallback to the RZ > is inevitably doomed and will get out of sync. > > The RFC7706 works because there’s always a safe guard and if the resolver > is unable to use mirrored zone, it will

Re: [dns-operations] root? we don't need no stinkin' root!

2019-11-27 Thread Keith Mitchell
On 11/26/19 7:40 PM, Mark Allman wrote: > I wonder if we're ever allowed to just decide this sort of thing is > ridiculous old shit and for lots of reasons we can and should just > garbage collect it away. To some extent, "get rid of ridiculous old sh*t" is kind of what the DNS Flag Days are

Re: [dns-operations] root? we don't need no stinkin' root!

2019-11-27 Thread Petr Špaček
On 26. 11. 19 16:04, Roy Arends wrote: > > >> On 26 Nov 2019, at 12:46, David Conrad wrote: >> >> It would appear a rather large percentage of queries to the root (like 50% >> in some samples) are random strings, between 7 to 15 characters long, >> sometimes longer. I believe this is

Re: [dns-operations] root? we don't need no stinkin' root!

2019-11-27 Thread Ondřej Surý
Mark, I believe that any distributed system that won’t have a fallback to the RZ is inevitably doomed and will get out of sync. The RFC7706 works because there’s always a safe guard and if the resolver is unable to use mirrored zone, it will go to the origin. Call me a pessimist, but I’ve yet