In message , Chris
Thompson w
rites:
> On Aug 15 2014, Mark Andrews wrote:
>
> [...]
> >The last delegation in the current chain is a secure delegation from
> >IN-ADDR.ARPA to 100.IN-ADDR.ARPA so there is a problem currently.
> >No one can safely setup their own reverse zones validation is now
>
On Thu, Aug 21, 2014 at 12:17:25PM +1000, Mark Andrews wrote:
> If they fail it can
> fallback to making iterative queries or just accept the failure.
I'd quibble with this bit: if it can make iterative queries, then we
might as well just call it a validating resolver.
IMHO the thing we're descri
In message <54885a5d-2afa-4d37-9b83-2229082d7...@virtualized.org>, David Conrad
writes:
>
> Hi,
>
> On Aug 20, 2014, at 6:21 PM, Andrew Sullivan
> wrote:
>
> > On Thu, Aug 21, 2014 at 10:52:46AM +1000, Mark Andrews wrote:
> >> It was also a required step as you can't reliably
> >> validate in th
In message <20140821012100.gc2...@mx1.yitter.info>, Andrew Sullivan writes:
> On Thu, Aug 21, 2014 at 10:52:46AM +1000, Mark Andrews wrote:
> > It was also a required step as you can't reliably
> > validate in the client unless the recursive server has filtered out
> > the spoofed answers.
>
> If
Hi,
On Aug 20, 2014, at 6:21 PM, Andrew Sullivan wrote:
> On Thu, Aug 21, 2014 at 10:52:46AM +1000, Mark Andrews wrote:
>> It was also a required step as you can't reliably
>> validate in the client unless the recursive server has filtered out
>> the spoofed answers.
>
> If I understand you cor
On Aug 20, 2014, at 9:21 PM, Andrew Sullivan wrote:
> On Thu, Aug 21, 2014 at 10:52:46AM +1000, Mark Andrews wrote:
>> It was also a required step as you can't reliably
>> validate in the client unless the recursive server has filtered out
>> the spoofed answers.
>
> If I understand you correctly
On Thu, Aug 21, 2014 at 10:52:46AM +1000, Mark Andrews wrote:
> It was also a required step as you can't reliably
> validate in the client unless the recursive server has filtered out
> the spoofed answers.
If I understand you correctly, this devolves to the claim that the
validating client has to
In message <20140820235118.e952b1d1b...@rock.dv.isc.org>, Mark Andrews writes:
>
> In message , Joe Abley writ
> es
> :
> >
> > On 20 Aug 2014, at 17:48, Mark Andrews wrote:
> >
> > > You will give answers that validate as bogus in the stub resolver.
> >
> > This seems to be the crux of our diff
In message , Joe Abley writes
:
>
> On 20 Aug 2014, at 17:48, Mark Andrews wrote:
>
> > You will give answers that validate as bogus in the stub resolver.
>
> This seems to be the crux of our differing world views.
>
> > A validating stub resolver
>
> Validating stub resolvers?
>
> In my own pers
On 20 Aug 2014, at 17:48, Mark Andrews wrote:
> You will give answers that validate as bogus in the stub resolver.
This seems to be the crux of our differing world views.
> A validating stub resolver
Validating stub resolvers?
In my own personal taxonomy a stub resolver doesn't validate. Val
In message <19ae3cb3-b108-42cb-bae2-a2f1fbb55...@hopcount.ca>, Joe Abley writes
:
> Hi Chris,
>
> I went quiet on this thread because I was going to try this out in a lab
> before commenting further, but since I haven't done that and you had
> something to say...
>
> On 20 Aug 2014, at 12:50, Chri
Hi Chris,
I went quiet on this thread because I was going to try this out in a lab before
commenting further, but since I haven't done that and you had something to
say...
On 20 Aug 2014, at 12:50, Chris Thompson wrote:
> On Aug 14 2014, Joe Abley wrote:
>
> [...]
>> It seems to me that no d
Greetings again. I have a need for expressing DNS messages in JSON for an
application I have written. Stephane and I had started to work on this but
ended up dropping it. draft-dulaunoy-kaplan-passive-dns-cof comes at the same
problem from another direction, but it is specific for one problem sp
On Aug 14 2014, Joe Abley wrote:
[...]
It seems to me that no delegation is a perfectly reasonable steady state,
It fails to break the chain of trust. Because a validator can "prove" that
the names in the putative subzone do not exist, it will consider locally
defined content "bogus". The only
On Aug 15 2014, Mark Andrews wrote:
[...]
The last delegation in the current chain is a secure delegation from
IN-ADDR.ARPA to 100.IN-ADDR.ARPA so there is a problem currently.
No one can safely setup their own reverse zones validation is now
starting to be done in stub resolvers and to do so wo
15 matches
Mail list logo
