Re: [DNSOP] Working Group Last Call: draft-ietf-dnsop-nxdomain-cut

2016-06-22 Thread Marek Vavruša 
On Wed, Jun 22, 2016 at 1:52 AM, Mark Andrews  wrote:
>
> In message 
>

Re: [DNSOP] naming and shaming broken implementations

2016-06-22 Thread John Levine 
>> djbdns has been broken for ~20 years -- no AXFR, no EDNS0, no
>> TCP/53, no DNSSEC, no TSIG, etc, etc --
>
>I'm may be too picky but these cases are different: djbdns misses some
>features, some mandatory (TCP), some facultative (DNSSEC). It is not
>the same thing as a bug (violation of the standard).

Actually, djbdns does TCP and AXFR perfectly well, albeit using a
separate program from the one that handles UDP queries.  I swapped
secondaries with a BIND site for over a decade using its AXFR, perked
up with a little perl script that looked at the SOAs to limit the
useless AXFRs.

It doesn't do EDNS0 or DNSSEC, partly because Dan is stubborn, but
mostly because it's been abandonware for almost 20 years.  I patched
for a while but gave up and switched to unbound and nsd.

R's,
John

___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Re: [DNSOP] naming and shaming broken implementations

2016-06-22 Thread Marek Vavruša 
Naming and shaming is not the only mechanism for change, and it's not
effective when things "work". Sunsetting and deprecating parts of
protocols (like IQUERY or TYPE=ANY) is more important as it helps not
only to keep the protocol concise, but also forces evolution of
protocol implementations (or at least brings implementors back for
discussions).

Marek

On Wed, Jun 22, 2016 at 3:36 AM, Jim Reid  wrote:
>
>> On 22 Jun 2016, at 11:13, Stephane Bortzmeyer  wrote:
>>
>> It is not "fun", it is the only way to have broken implementations
>> (Akamai, djbdns) fixed. If we do not name them, they will continue
>> forever.
>
> I doubt that will help Stephane. djbdns has been broken for ~20 years -- no 
> AXFR, no EDNS0, no TCP/53, no DNSSEC, no TSIG, etc, etc -- and likely to be 
> that way forever. DJB no longer supports or maintains the software, apart 
> from fixing security vulnerabilities IIUC. So the DNS is probably always 
> going to be stuck with that abandonware being in the state it was in at its 
> last "stable release" in 2001.
>
> The best we can hope from naming and shaming is to encourage people to keep 
> away from implementations that are broken and/or cause serious 
> interoperability issues. Whether that advice will get heard and acted on is 
> another matter of course. Darwinism will eventually take care of the poor DNS 
> deployment choices anyway.
>
>
> ___
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop

___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Re: [DNSOP] naming and shaming broken implementations

2016-06-22 Thread Stephane Bortzmeyer 
On Wed, Jun 22, 2016 at 11:36:10AM +0100,
 Jim Reid  wrote 
 a message of 21 lines which said:

> djbdns has been broken for ~20 years -- no AXFR, no EDNS0, no
> TCP/53, no DNSSEC, no TSIG, etc, etc --

I'm may be too picky but these cases are different: djbdns misses some
features, some mandatory (TCP), some facultative (DNSSEC). It is not
the same thing as a bug (violation of the standard).

___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

[DNSOP] naming and shaming broken implementations

2016-06-22 Thread Jim Reid 

> On 22 Jun 2016, at 11:13, Stephane Bortzmeyer  wrote:
> 
> It is not "fun", it is the only way to have broken implementations
> (Akamai, djbdns) fixed. If we do not name them, they will continue
> forever.

I doubt that will help Stephane. djbdns has been broken for ~20 years -- no 
AXFR, no EDNS0, no TCP/53, no DNSSEC, no TSIG, etc, etc -- and likely to be 
that way forever. DJB no longer supports or maintains the software, apart from 
fixing security vulnerabilities IIUC. So the DNS is probably always going to be 
stuck with that abandonware being in the state it was in at its last "stable 
release" in 2001.

The best we can hope from naming and shaming is to encourage people to keep 
away from implementations that are broken and/or cause serious interoperability 
issues. Whether that advice will get heard and acted on is another matter of 
course. Darwinism will eventually take care of the poor DNS deployment choices 
anyway.


___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Re: [DNSOP] Working Group Last Call: draft-ietf-dnsop-nxdomain-cut

2016-06-22 Thread Stephane Bortzmeyer 
On Tue, Jun 21, 2016 at 05:46:38PM -0700,
 Marek Vavruša  wrote 
 a message of 20 lines which said:

> pointing out various broken implementations is fun,

It is not "fun", it is the only way to have broken implementations
(Akamai, djbdns) fixed. If we do not name them, they will continue
forever.

___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Re: [DNSOP] Working Group Last Call: draft-ietf-dnsop-nxdomain-cut

2016-06-22 Thread Mark Andrews 

In message

[DNSOP] Fwd: New Version Notification for draft-song-dns-wireformat-http-04.txt

2016-06-22 Thread Davey Song 
Hi Colleagues,

Regarding the DNS wire-format over HTTP draft, the authors replied and
addressed all comments in the mailing list. The latest update (04) reflect
the comments on simplify the description of HTTP syntax and make the
protocol less tied related to HTTP version

Can I ask for a call for this document (adoption as WG draft )? Any
suggestion is appreciated.

Best regards,
Davey
-- Forwarded message --
From: 
Date: 22 June 2016 at 14:31
Subject: New Version Notification for draft-song-dns-wireformat-http-04.txt
To: "Paul A. Vixie" , Shane Kerr ,
Runxia Wan , Linjian Song 



A new version of I-D, draft-song-dns-wireformat-http-04.txt
has been successfully submitted by Linjian Song and posted to the
IETF repository.

Name:   draft-song-dns-wireformat-http
Revision:   04
Title:  DNS wire-format over HTTP
Document date:  2016-06-21
Group:  Individual Submission
Pages:  10
URL:
https://www.ietf.org/internet-drafts/draft-song-dns-wireformat-http-04.txt
Status:
https://datatracker.ietf.org/doc/draft-song-dns-wireformat-http/
Htmlized:
https://tools.ietf.org/html/draft-song-dns-wireformat-http-04
Diff:
https://www.ietf.org/rfcdiff?url2=draft-song-dns-wireformat-http-04

Abstract:
   This memo introduces a way to tunnel DNS data over HTTP.  This may be
   useful in any situation where DNS is not working properly, such as
   when there is middlebox misbehavior.




Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat
___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop