[Resending to bind-users]

Hi Rais,

this is a bit of a complicated matter, as the original RPZ specification has this bit:

    This document may not be modified, and derivative works of it may not be
    created, except to format it for publication as an RFC or to translate it
    into languages other than English.

I don’t know what the plans are or why you submitted this as an I-D, but the mess around the original RPZ specification needs to be solved first before we make any amendments to it.

The other option might be a multivendor effort that avoids the IETF altogether.

Ondrej
--
Ondřej Surý — ISC (He/Him)

My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.

> On 14. 10. 2025, at 12:33, Rais Ahmed <[email protected]> wrote:
>
> Hi,
> Please review and engage relevant group/teams.
>
> Thanks
>
> From: Rais Ahmed <[email protected]>
> Sent: Tuesday, October 14, 2025 3:28 PM
> To: [email protected] <[email protected]>
> Cc: [email protected] <[email protected]>
> Subject: Proposal: RPZ-EDE Enhancement and URI-R Redirection Record (IETF Draft for Review)
>
> Dear ISC and BIND community members,
>
> I’d like to share a recently published Internet-Draft that proposes
> enhancements to DNS policy enforcement mechanisms, particularly around
> Response Policy Zones (RPZ) and Extended DNS Errors (EDE).
>
> Draft: DNS Policy Redirection Mechanisms: RPZ-EDE Enhancement and URI-R
> Redirection Record
> https://datatracker.ietf.org/doc/draft-ahmed-dns-policy-redirect/
>
> Abstract:
> This document defines two complementary mechanisms to improve user experience
> and policy transparency in DNS-based filtering. The first extends RPZ
> operation through the use of EDE signaling to provide explicit policy reasons
> and better client handling. The second introduces a new URI-REDIRECT (URI-R)
> Resource Record to enable secure redirection for HTTPS traffic, avoiding TLS
> certificate errors that occur when traditional IP substitution is used.
>
> Both mechanisms are designed to be independent yet interoperable, providing
> flexible paths for resolver vendors and operators to enhance policy signaling
> and user redirection in a DNS-compliant way.
>
> Given ISC’s role in the development and maintenance of BIND and RPZ, your
> feedback on operational feasibility, implementation considerations, or
> alignment with current BIND behavior would be invaluable.
>
> Best regards,
> Rais Ahmed
> Transworld / DNS Infrastructure Projects
> Email: [email protected]
>
> IETF Draft: https://datatracker.ietf.org/doc/draft-ahmed-dns-policy-redirect/

