Re: [DNSOP] I-D Action: draft-ietf-dnsop-svcb-https-04.txt
On Fri, 19 Mar 2021 at 10:15, Willem Toorop wrote:

>8
>
>
> The Net::DNS perl library does have parsing and printing of SVCB and
> HTTPS based on draft-ietf-dnsop-svcb-https-01 since version 1.26
> (released on August 6, 2020). @Dick, what is your position on this?

Change of name only affects parsing.
Easy to accept both until RFC put to bed.

Printing uses lightly toasted RFC3597 format:

x1.example. IN SVCB 0 foo.example.com.

x2.example. IN SVCB 1 .

x3.example. IN SVCB ( \# 25 0010 ; 16
        03666f6f076578616d706c6503636f6d 00 ; foo.example.com.
        0003 0002 0035 )

x4.example. IN SVCB ( \# 28 0001 ; 1
        03666f6f076578616d706c6503636f6d 00 ; foo.example.com.
        ; key667=...
        029b 0005 68656c6c6f )

x5.example. IN SVCB ( \# 32 0001 ; 1
        03666f6f076578616d706c6503636f6d 00 ; foo.example.com.
        ; key667=...
        029b 0009 68656c6c6fd2716f6f )

x6.example. IN SVCB ( \# 55 0001 ; 1
        03666f6f076578616d706c6503636f6d 00 ; foo.example.com.
        0006 0020 20010db80001 20010db800530001 )

x7.example. IN SVCB ( \# 46 0010 ; 16
        03666f6f076578616d706c65036f7267 00 ; foo.example.org.
        0002 0001 0001 0009 0268320568332d3139 0004 0004 c201 )

--rwf

___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
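Added example, not part of either message and not Net::DNS code: a small Python decoder for the RFC 3597 generic form printed above. It checks the declared octet count, then walks the SVCB RDATA as priority, uncompressed target name and SvcParams. The function names are made up for this example; the key names and the increasing-key check are taken from RFC 9460, the published form of this draft.

```python
import re

# SvcParamKey names for keys 0-4 and 6 as in RFC 9460; others print as keyNNN.
KEY_NAMES = {0: "mandatory", 1: "alpn", 2: "no-default-alpn", 3: "port",
             4: "ipv4hint", 6: "ipv6hint"}
# x3 and x4 from the message above, comments removed.
X3 = r"\# 25 0010 03666f6f076578616d706c6503636f6d 00 0003 0002 0035"
X4 = r"\# 28 0001 03666f6f076578616d706c6503636f6d 00 029b 0005 68656c6c6f"

def rfc3597_to_bytes(text):
    """Parse RFC 3597 generic RDATA text and check its declared length."""
    text = re.sub(r";[^\n]*", "", text)  # drop zone-file comments
    tokens = text.replace("(", " ").replace(")", " ").split()
    if len(tokens) < 2 or tokens[0] != "\\#":
        raise ValueError("not RFC 3597 generic RDATA")
    rdata = bytes.fromhex("".join(tokens[2:]))
    if len(rdata) != int(tokens[1]):
        raise ValueError("declared %s octets, found %d" % (tokens[1], len(rdata)))
    return rdata

def read_name(buf, pos):
    """Read an uncompressed domain name; return (name, next offset)."""
    labels = []
    while pos < len(buf):
        n, pos = buf[pos], pos + 1
        if n == 0:
            return ".".join(labels) + ".", pos
        if n > 63 or pos + n > len(buf):
            raise ValueError("bad label length or compression pointer")
        labels.append(buf[pos:pos + n].decode("ascii", "backslashreplace"))
        pos += n
    raise ValueError("name runs past end of RDATA")

def decode_svcb(text):
    """Return (priority, target, [(key, value bytes), ...]) or raise ValueError."""
    buf = rfc3597_to_bytes(text)
    priority = int.from_bytes(buf[:2], "big")
    target, pos = read_name(buf, 2)
    params, last = [], -1
    while pos < len(buf):
        if pos + 4 > len(buf):
            raise ValueError("truncated SvcParam header")
        key = int.from_bytes(buf[pos:pos + 2], "big")
        size = int.from_bytes(buf[pos + 2:pos + 4], "big")
        value = buf[pos + 4:pos + 4 + size]
        if len(value) != size or key <= last:
            raise ValueError("truncated or out-of-order SvcParam")
        params.append((KEY_NAMES.get(key, "key%d" % key), value))
        last, pos = key, pos + 4 + size
    return priority, target, params
```

Fed x3 it yields priority 16, target foo.example.com. and a port parameter of 0x0035 (53); x4 yields the unregistered key667 with value "hello".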
[DNSOP] watching the watchers
out of curiosity, you might look at the dns queries getting rejected by
your firewall. in the example below, note that i don't use the
all-zeroes host address on any of my subnets.

root@fw1:/home/vixie # dnscap -p -i ipfw0 -g -
[57] 2021-03-20 08:27:53.537554 [#0 ipfw0 4095] \
        [128.119.245.101].52482 [24.104.150.0].53 \
        dns QUERY,NOERROR,40885,rd \
        1 xvideos.com,IN, 0 0 0
^C
dnscap: signalled break

most of the folks scanning me guess a non-zero host field:

[59] 2021-03-20 08:31:50.706174 [#0 ipfw0 4095] \
        [47.254.120.156].47204 [24.104.128.146].53 \
        dns QUERY,NOERROR,55452,rd \
        1 www.yahoo.com,IN,A 0 0 0
[56] 2021-03-20 08:31:52.571584 [#1 ipfw0 4095] \
        [88.80.186.137].18127 [24.104.150.171].53 \
        dns QUERY,NOERROR,8792,rd \
        1 amazon.com,IN,A 0 0 0
[52] 2021-03-20 08:31:57.003934 [#2 ipfw0 4095] \
        [143.198.215.243].983 [24.104.150.157].53 \
        dns QUERY,NOERROR,2,rd \
        1 vtk.be,IN,ANY 0 0 0

none of these addresses has ever offered any kind of name service.

watching the watchers is a little bit fun.

--
Paul Vixie