On Mon, Apr 20, 2015 at 09:57:06AM -0700, Paul Hoffman <paul.hoff...@vpnc.org> wrote a message of 98 lines which said:
> The definition in the draft includes ideas from RFC 5625, which
> seems to be the much more common definition of "forwarder" used
> today. However, the WG is free to define this however they want.

I disagree with "much more common". The two definitions can be
summarized as:

1) a forwarder is the machine which forwards
2) a forwarder is the machine which receives the forwarded request

I find 2) much more common, because it is the meaning it has in BIND.

> My proposal goes the other way: to use the more common definition of
> a forwarder being what we see in gazillions of SOHO devices.

And then we will have thousands of BIND configs to patch...

Anyway, _today_, in draft-ietf-dnsop-dns-terminology-00, the
definition of "forwarder" is not 1) or 2) but a strange mix of both.

> > Dangerous legal and political issues here. If Joe Sysadmin
> > configures the DHCP server to tell the users' machines to use
> > 192.0.2.53 and this resolver rewrites answers, can we honestly say
> > that the users "are expected to know"? Technically, there is no
> > difference between Consensual policy-implementing resolver and
> > Non-consensual policy-implementing resolver and I would merge the
> > definitions.
>
> Please propose specific wording for the merge so the WG can see if
> they like it better.

Policy-implementing resolver -- A resolver that changes some answers
it returns based on policy criteria, such as to prevent access to
malware sites. This is just a technical definition: such a
policy-implementing resolver can be installed by various actors, for
various reasons, and users may or may not be aware of its policy.

[Some people prefer to be direct and call it a lying resolver.]

> >> Passive DNS -- A mechanism to collect large amounts of DNS data
> >> by storing queries and responses from recursive servers.
> >
> > Most passive DNS services collect only the responses, which is good
> > for privacy.
>
> Some passive DNS services collect the query too. Given the privacy
> issue you mention, we should make people aware of that.

Passive DNS -- A mechanism to collect large amounts of DNS data by
storing responses from servers. Some of these systems also collect
queries, which can raise privacy issues.