[DNSOP] Fwd: [Add] Joint ADD-DPRIVE-DNSOPS January 26, 2022 Interim

2022-01-19 Thread Benno Overeinder 

Hi all,

As previously announced, there will be a joint ADD-DPRIVE-DNSOP interim 
meeting next Wednesday, January 26.  Below is the forwarded email from 
the ADD mailing list.  Note: the date is Wednesday, January 26.


Best regards,

Suzanne, Tim and Benno


 Forwarded Message 
Subject:[Add] Joint ADD-DPRIVE-DNSOPS January 27, 2022 Interim
Date:   Mon, 10 Jan 2022 19:42:04 +
From:   Deen, Glenn 
To: a...@ietf.org 



Hi everyone,

The chairs of ADD, DPRIVE, and DNSOPS have scheduled a joint interim on 
the topic of Split-DNS for January 27, 2022 from 1700-1830 UTC.


This was originally announced on the ADD list back on Dec 20, but didn’t 
get a lot of attention like due to the holidays at the time 
(https://mailarchive.ietf.org/arch/msg/add/Jd3Tql9dLkYEBWrv5ifsMAU7M9g/ 
)


Background:

---

This is a follow up to the discussion that has taken place in ADD around 
how to support discovery of encrypted DNS resolvers in Split-DNS 
environments.   That extended discussion in ADD current stands at:  (1) 
The ADD group showed that there was consensus that the problem of how to 
do discovery in Split-DNS environments was important for the group to 
work on;  (2) The ADD group currently does not have consensus on how it 
should be done.  (3) A number of discussion issues that are outside of 
the ADD Charter have been raised around requirements that can uniquely 
occur in split-DNS environments.


It is the intent to use this joint session to discuss such issues, and 
others as needed to better understand the requirements that need to be 
satisfied for a ADD discovery mechanism for Split-DNS environments.


Motivation:

--

  * Split-DNS is widely used in Enterprise and Intuitional network
operations and in VPN environments.
  * Without a practical and acceptable standard on how to discover
encrypted DNS resolvers it is likely that operators that make use of
split-DNS will take it upon themselves to invent and deploy a wide
variety of non-standardized discovery methods.   This will hamper
any future standards that may be developed, and will impact users
negatively since they will not have a standard discovery mechanism
to make use of.
  * The hope is that by discussing the security, privacy, and
operational needs of discovery in Split-DNS environments that the
ADD group can make progress toward documenting how to do it in a
standard way

Purpose of the Joint Interim:

--

  * To discuss the issues around discovery of encrypted DNS resolvers in
a  Split-DNS environment.

What this Interim is NOT:

---

  * This is not intended as a referendum on the use of split-DNS.
  * This is not a workshop on how proposals of how to end the practice
of Split-DNS or how to re-engineer networks that have it currently
deployed.

Agenda

---

  * Agenda and any Materials will be posted at:
https://datatracker.ietf.org/meeting/interim-2022-add-01/session/add

  * The chairs of the 3 groups are working on the agenda for the Interim
and plan on making it available well ahead of the 1-27-2022 Interim
Meeting.
Thanks,

Glenn Deen on behalf of the ADD, DPrive, DNSOPS co-chairs
-- 
Add mailing list
a...@ietf.org
https://www.ietf.org/mailman/listinfo/add

___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Re: [DNSOP] Testing SVCB/HTTPS records

2022-01-19 Thread Stephen Farrell 


Hi Stephane,

On 19/01/2022 08:36, Stephane Bortzmeyer wrote:

Does anyone know a service/software to check the consistency between
SVCB/HTTPS DNS records and the Web site? Such as testing the various
alpn, the various IP addresses hints, the aliases, etc. (It seems
ssllabs.com don't do it yet.)

I suspect that many people will put wrong SVCB/HTTPS records...


I made a test setup for my TLS/ECH work. [1] Happy to
take PRs or tweak if it's useful to others.

Cheers,
S.

[1] https://github.com/sftcd/echdnsfuzz



___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop



OpenPGP_0x5AB2FAF17B172BEA.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature
___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

[DNSOP] Testing SVCB/HTTPS records

2022-01-19 Thread Stephane Bortzmeyer 
Does anyone know a service/software to check the consistency between
SVCB/HTTPS DNS records and the Web site? Such as testing the various
alpn, the various IP addresses hints, the aliases, etc. (It seems
ssllabs.com don't do it yet.)

I suspect that many people will put wrong SVCB/HTTPS records...

___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop