Re: [DNSOP] Review of draft-livingood-dns-redirect-00

2009-07-13 Thread Alan Barrett
On Thu, 09 Jul 2009, Livingood, Jason wrote: > I submitted this draft, which you can find at > http://tools.ietf.org/html/draft-livingood-dns-redirect-00, before > the -00 cutoff on Monday, and it will be discussed in the DNSOP WG > meeting at IETF 75 (it is listed on the agenda). I think that t

Re: [DNSOP] Review of draft-livingood-dns-redirect-00

2009-07-13 Thread YAO Jiankang
I think that DNS redirection is a double-sword. It will be good if it is used by good guy; it will be bad if it is used by bad guy. ICANN SSAC suggest to forbid the use of DNS redirection. pls see http://syd.icann.org/files/meetings/sydney2009/presentatio

Re: [DNSOP] Review of draft-livingood-dns-redirect-00

2009-07-13 Thread Livingood, Jason
Great and detailed feedback on our first draft, Andrew. I'll take a reply in detail, point-by-point, when I start working on -01 with my co-authors and contributors. Thanks Jason On 7/13/09 4:29 PM, "Andrew Sullivan" wrote: > Dear colleagues, On Thu, Jul 09, 2009 at 11:23:48AM -0400, Livingo

Re: [DNSOP] Review of draft-livingood-dns-redirect-00

2009-07-13 Thread Andrew Sullivan
Dear colleagues, On Thu, Jul 09, 2009 at 11:23:48AM -0400, Livingood, Jason wrote: > If anyone is interested and has time before IETF 75, I'm happy to take > feedback before then obviously. Please note that there is a list of open > items at the end, which we plan to address in subsequent version

Re: [DNSOP] Review of draft-livingood-dns-redirect-00

2009-07-13 Thread Paul Hoffman
At 1:48 PM -0400 7/13/09, Paul Wouters wrote: >On Mon, 13 Jul 2009, Tony Finch wrote: > >>I think you need to widen that caveat: anything that isn't a web browser >>should not use a DNS server that misbehaves as described in this draft. > >I think you need to widen that caveat: anything should not

Re: [DNSOP] Review of draft-livingood-dns-redirect-00

2009-07-13 Thread Todd Glassey
Paul Hoffman wrote: At 9:55 AM -0400 7/13/09, Livingood, Jason wrote: On the topic of 'lying resolvers' though, that seems a bit strong IMHO. But perhaps I have missed a strong MUST statement (per RFC 2119) in a relevant RFC that you could refer me to? I am not aware of an RFC that s

Re: [DNSOP] Review of draft-livingood-dns-redirect-00

2009-07-13 Thread Paul Wouters
On Mon, 13 Jul 2009, Tony Finch wrote: I think you need to widen that caveat: anything that isn't a web browser should not use a DNS server that misbehaves as described in this draft. I think you need to widen that caveat: anything should not use a DNS server that misbehaves as described in th

Re: [DNSOP] Review of draft-livingood-dns-redirect-00

2009-07-13 Thread Paul Hoffman
At 9:55 AM -0400 7/13/09, Livingood, Jason wrote: >On the topic of 'lying resolvers' though, that seems a bit strong IMHO. But >perhaps I have missed a strong MUST statement (per RFC 2119) in a relevant RFC >that you could refer me to? I am not aware of an RFC that says something to the effec

Re: [DNSOP] Review of draft-livingood-dns-redirect-00

2009-07-13 Thread Ray . Bellis
> I think we probably also need to address > the fact that mail servers should not use resolvers that perform DNS > redirect (this was assumed but should be explicit). At least when you do it on your recursive servers you're only affecting your own customers, who in most cases can vote with thei

Re: [DNSOP] Review of draft-livingood-dns-redirect-00

2009-07-13 Thread Rose, Scott W.
On 7/13/09 10:08 AM, "Tony Finch" wrote: > On Mon, 13 Jul 2009, Livingood, Jason wrote: > >> I think we probably also need to address the fact that mail servers >> should not use resolvers that perform DNS redirect (this was assumed but >> should be explicit). > > I think you need to widen that

Re: [DNSOP] Review of draft-livingood-dns-redirect-00

2009-07-13 Thread Tony Finch
On Mon, 13 Jul 2009, Livingood, Jason wrote: > I think we probably also need to address the fact that mail servers > should not use resolvers that perform DNS redirect (this was assumed but > should be explicit). I think you need to widen that caveat: anything that isn't a web browser should not

Re: [DNSOP] Review of draft-livingood-dns-redirect-00

2009-07-13 Thread Livingood, Jason
Thanks for the suggestion, Tony. I will add that to my tracking list for the next revision (and may email you to confirm what I have might be satisfactory). I think we probably also need to address the fact that mail servers should not use resolvers that perform DNS redirect (this was assumed but

Re: [DNSOP] Review of draft-livingood-dns-redirect-00

2009-07-13 Thread Livingood, Jason
Good feedback, which I will take into consideration for our -01 revision. Please do note that Section 10 is definitely immature, as we noted in the Open Issues (#5) in Appendix B. We'll be developing this section quite a bit. Thanks Jason On 7/13/09 4:12 AM, "Roy Arends" wrote: > On Jul 9, 20

Re: [DNSOP] Review of draft-livingood-dns-redirect-00

2009-07-13 Thread Livingood, Jason
Thx for the **very detailed** and thoughtful feedback. I will review & respond in detail when I start working on the -01 revision. Jason On 7/12/09 4:30 AM, "Florian Weimer" wrote: > * Jason Livingood: > >> > If anyone is interested and has time before IETF 75, I'm happy to take >> > feedbac

Re: [DNSOP] Review of draft-livingood-dns-redirect-00

2009-07-13 Thread Livingood, Jason
Thx for the feedback. I will try to address your concern in the -01 revision. If you have any specific textual recommendations, let me know. Jason On 7/12/09 3:34 AM, "Florian Weimer" wrote: > * Stephane Bortzmeyer: > >> > Unless I'm wrong, the I-D about lying resolvers do not discuss the >

Re: [DNSOP] Review of draft-livingood-dns-redirect-00

2009-07-13 Thread Livingood, Jason
Good guidance on Informational vs. BCP. We may get there eventually, but I thought that starting as a draft BCP might provoke more detailed and useful debate. ;-) On the topic of 'lying resolvers' though, that seems a bit strong IMHO. But perhaps I have missed a strong MUST statement (per RFC 2

Re: [DNSOP] Review of draft-livingood-dns-redirect-00

2009-07-13 Thread Roy Arends
On Jul 13, 2009, at 1:53 PM, Antoin Verschuren wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 -Original Message- From: dnsop-boun...@ietf.org [mailto:dnsop-boun...@ietf.org] On Behalf Of Stephane Bortzmeyer Subject: Re: [DNSOP] Review of draft-livingood-dns-redirect-00 Disc

Re: [DNSOP] Review of draft-livingood-dns-redirect-00

2009-07-13 Thread Antoin Verschuren
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 > -Original Message- > From: dnsop-boun...@ietf.org [mailto:dnsop-boun...@ietf.org] On Behalf Of > Stephane Bortzmeyer > Subject: Re: [DNSOP] Review of draft-livingood-dns-redirect-00 > > Disclaimer: I find the whole idea a very bad one, a v

Re: [DNSOP] Review of draft-livingood-dns-redirect-00

2009-07-13 Thread Tony Finch
On Mon, 13 Jul 2009, Florian Weimer wrote: > * Jelte Jansen: > > > > then a SERVFAIL will also result in an e-mail bounce that says > > connection refused > > Not a hard 5xx error? No, both SERVFAIL and connection refused are equivalent to 4yz temporary failures. > > instead of DNS error (assumin

Re: [DNSOP] Review of draft-livingood-dns-redirect-00

2009-07-13 Thread Jelte Jansen
Florian Weimer wrote: * Jelte Jansen: Ralf Weber wrote: No redirection on SERVFAIL seems to be a strange recommendation. Wouldn't this be a very good reason to provide a diagnostics page, especially if there's been a DNSSEC validation failure? This sounds like an excellent idea to help DNSSEC

Re: [DNSOP] Review of draft-livingood-dns-redirect-00

2009-07-13 Thread Florian Weimer
* Jelte Jansen: > Ralf Weber wrote: >>> No redirection on SERVFAIL seems to be a strange recommendation. >>> Wouldn't this be a very good reason to provide a diagnostics page, >>> especially if there's been a DNSSEC validation failure? >> This sounds like an excellent idea to help DNSSEC adoption

Re: [DNSOP] Review of draft-livingood-dns-redirect-00

2009-07-13 Thread Roy Arends
On Jul 9, 2009, at 5:23 PM, Livingood, Jason wrote: I submitted this draft, which you can find at http://tools.ietf.org/html/draft-livingood-dns-redirect-00 , before the –00 cutoff on Monday, and it will be discussed in the DNSOP WG meeting at IETF 75 (it is listed on the agenda). If anyone

Re: [DNSOP] Review of draft-livingood-dns-redirect-00

2009-07-13 Thread Florian Weimer
* Ralf Weber: > That really is an issue and could be addressed, there are a lot of > cases where an A record for a domain doesn't exist, but one for > www.domain does exist. True, and some browsers have code to deal with this. > Question then would be how that rewrite should be presented. As a > n

Re: [DNSOP] Review of draft-livingood-dns-redirect-00

2009-07-13 Thread Jelte Jansen
Ralf Weber wrote: No redirection on SERVFAIL seems to be a strange recommendation. Wouldn't this be a very good reason to provide a diagnostics page, especially if there's been a DNSSEC validation failure? This sounds like an excellent idea to help DNSSEC adoption and is something that should go