Re: [DNSOP] Working Group Last Call: draft-ietf-dnsop-nxdomain-cut
On Wed, Jun 22, 2016 at 1:52 AM, Mark Andrewswrote: > > In message >
Re: [DNSOP] naming and shaming broken implementations
>> djbdns has been broken for ~20 years -- no AXFR, no EDNS0, no >> TCP/53, no DNSSEC, no TSIG, etc, etc -- > >I'm may be too picky but these cases are different: djbdns misses some >features, some mandatory (TCP), some facultative (DNSSEC). It is not >the same thing as a bug (violation of the standard). Actually, djbdns does TCP and AXFR perfectly well, albeit using a separate program from the one that handles UDP queries. I swapped secondaries with a BIND site for over a decade using its AXFR, perked up with a little perl script that looked at the SOAs to limit the useless AXFRs. It doesn't do EDNS0 or DNSSEC, partly because Dan is stubborn, but mostly because it's been abandonware for almost 20 years. I patched for a while but gave up and switched to unbound and nsd. R's, John ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] naming and shaming broken implementations
Naming and shaming is not the only mechanism for change, and it's not effective when things "work". Sunsetting and deprecating parts of protocols (like IQUERY or TYPE=ANY) is more important as it helps not only to keep the protocol concise, but also forces evolution of protocol implementations (or at least brings implementors back for discussions). Marek On Wed, Jun 22, 2016 at 3:36 AM, Jim Reidwrote: > >> On 22 Jun 2016, at 11:13, Stephane Bortzmeyer wrote: >> >> It is not "fun", it is the only way to have broken implementations >> (Akamai, djbdns) fixed. If we do not name them, they will continue >> forever. > > I doubt that will help Stephane. djbdns has been broken for ~20 years -- no > AXFR, no EDNS0, no TCP/53, no DNSSEC, no TSIG, etc, etc -- and likely to be > that way forever. DJB no longer supports or maintains the software, apart > from fixing security vulnerabilities IIUC. So the DNS is probably always > going to be stuck with that abandonware being in the state it was in at its > last "stable release" in 2001. > > The best we can hope from naming and shaming is to encourage people to keep > away from implementations that are broken and/or cause serious > interoperability issues. Whether that advice will get heard and acted on is > another matter of course. Darwinism will eventually take care of the poor DNS > deployment choices anyway. > > > ___ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] naming and shaming broken implementations
On Wed, Jun 22, 2016 at 11:36:10AM +0100, Jim Reidwrote a message of 21 lines which said: > djbdns has been broken for ~20 years -- no AXFR, no EDNS0, no > TCP/53, no DNSSEC, no TSIG, etc, etc -- I'm may be too picky but these cases are different: djbdns misses some features, some mandatory (TCP), some facultative (DNSSEC). It is not the same thing as a bug (violation of the standard). ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
[DNSOP] naming and shaming broken implementations
> On 22 Jun 2016, at 11:13, Stephane Bortzmeyerwrote: > > It is not "fun", it is the only way to have broken implementations > (Akamai, djbdns) fixed. If we do not name them, they will continue > forever. I doubt that will help Stephane. djbdns has been broken for ~20 years -- no AXFR, no EDNS0, no TCP/53, no DNSSEC, no TSIG, etc, etc -- and likely to be that way forever. DJB no longer supports or maintains the software, apart from fixing security vulnerabilities IIUC. So the DNS is probably always going to be stuck with that abandonware being in the state it was in at its last "stable release" in 2001. The best we can hope from naming and shaming is to encourage people to keep away from implementations that are broken and/or cause serious interoperability issues. Whether that advice will get heard and acted on is another matter of course. Darwinism will eventually take care of the poor DNS deployment choices anyway. ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] Working Group Last Call: draft-ietf-dnsop-nxdomain-cut
On Tue, Jun 21, 2016 at 05:46:38PM -0700, Marek Vavrušawrote a message of 20 lines which said: > pointing out various broken implementations is fun, It is not "fun", it is the only way to have broken implementations (Akamai, djbdns) fixed. If we do not name them, they will continue forever. ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] Working Group Last Call: draft-ietf-dnsop-nxdomain-cut
In message
[DNSOP] Fwd: New Version Notification for draft-song-dns-wireformat-http-04.txt
Hi Colleagues, Regarding the DNS wire-format over HTTP draft, the authors replied and addressed all comments in the mailing list. The latest update (04) reflect the comments on simplify the description of HTTP syntax and make the protocol less tied related to HTTP version Can I ask for a call for this document (adoption as WG draft )? Any suggestion is appreciated. Best regards, Davey -- Forwarded message -- From:Date: 22 June 2016 at 14:31 Subject: New Version Notification for draft-song-dns-wireformat-http-04.txt To: "Paul A. Vixie" , Shane Kerr , Runxia Wan , Linjian Song A new version of I-D, draft-song-dns-wireformat-http-04.txt has been successfully submitted by Linjian Song and posted to the IETF repository. Name: draft-song-dns-wireformat-http Revision: 04 Title: DNS wire-format over HTTP Document date: 2016-06-21 Group: Individual Submission Pages: 10 URL: https://www.ietf.org/internet-drafts/draft-song-dns-wireformat-http-04.txt Status: https://datatracker.ietf.org/doc/draft-song-dns-wireformat-http/ Htmlized: https://tools.ietf.org/html/draft-song-dns-wireformat-http-04 Diff: https://www.ietf.org/rfcdiff?url2=draft-song-dns-wireformat-http-04 Abstract: This memo introduces a way to tunnel DNS data over HTTP. This may be useful in any situation where DNS is not working properly, such as when there is middlebox misbehavior. Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. The IETF Secretariat ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop