Re: [DNSOP] Review of draft-livingood-dns-redirect-00

2009-07-14 Thread Alan Barrett
On Thu, 09 Jul 2009, Livingood, Jason wrote: I submitted this draft, which you can find at http://tools.ietf.org/html/draft-livingood-dns-redirect-00, before the -00 cutoff on Monday, and it will be discussed in the DNSOP WG meeting at IETF 75 (it is listed on the agenda). I think that this

Re: [DNSOP] Review of draft-livingood-dns-redirect-00

2009-07-14 Thread Livingood, Jason
On 7/14/09 8:58 AM, Suzanne Woolf wo...@isc.org wrote: In this case, we're talking about resolvers replacing authoritative server data with their own. Actually, I thought the case was resolvers providing an alternate response, where NO authoritative data exists. ?? To the draft

Re: [DNSOP] Review of draft-livingood-dns-redirect-00

2009-07-14 Thread Ray . Bellis
Actually, I thought the case was resolvers providing an alternate response, where NO authoritative data exists. ?? An NXDOMAIN response is still authoritative data. Ray -- Ray Bellis, MA(Oxon) MIET Senior Researcher in Advanced Projects, Nominet e: r...@nominet.org.uk, t: +44 1865 332211

Re: [DNSOP] Review of draft-livingood-dns-redirect-00

2009-07-14 Thread Tony Finch
On Mon, 13 Jul 2009, Andrew Sullivan wrote: Section 7.5 seems to suggest that there are cases where it is acceptable to intercept DNS queries and redirect them silently. These cases are typified as being reasonable, justifiable, &c. The problem with any of this sort of thing is that it is

Re: [DNSOP] Review of draft-livingood-dns-redirect-00

2009-07-14 Thread Suzanne Woolf
On Mon, Jul 13, 2009 at 09:55:42AM -0400, Livingood, Jason wrote: On the topic of lying resolvers though, that seems a bit strong IMHO. But perhaps I have missed a strong MUST statement (per RFC 2119) in a relevant RFC that you could refer me to? It's always seemed to me that it was implicit

Re: [DNSOP] Review of draft-livingood-dns-redirect-00

2009-07-14 Thread Suzanne Woolf
On Tue, Jul 14, 2009 at 09:15:24AM -0400, Livingood, Jason wrote: On 7/14/09 8:58 AM, Suzanne Woolf wo...@isc.org wrote: In this case, we're talking about resolvers replacing authoritative server data with their own. Actually, I thought the case was resolvers providing an alternate

Re: [DNSOP] Review of draft-livingood-dns-redirect-00

2009-07-14 Thread Paul Hoffman
At 9:15 AM -0400 7/14/09, Livingood, Jason wrote: On 7/14/09 8:58 AM, Suzanne Woolf wo...@isc.org wrote: In this case, we're talking about resolvers replacing authoritative server data with their own. Actually, I thought the case was resolvers providing an alternate response, where NO

Re: [DNSOP] Review of draft-livingood-dns-redirect-00

2009-07-14 Thread Andrew Sullivan
On Tue, Jul 14, 2009 at 02:25:33PM +0100, Tony Finch wrote: Captive portals come to mind, e.g. to authenticate to a wireless access point, or to quarantine a customer's virus-infested computer. There are in fact ways to do that without mucking with DNS answers. Some portals do such things, and

Re: [DNSOP] Review of draft-livingood-dns-redirect-00

2009-07-14 Thread Stephane Bortzmeyer
On Sat, Jul 11, 2009 at 04:59:38PM -0700, Paul Hoffman paul.hoff...@vpnc.org wrote a message of 8 lines which said: Having said that, the publication of a document such as this (with more input from the community) as an Informational RFC could indeed help the Internet. I doubt it. IMHO,

Re: [DNSOP] Review of draft-livingood-dns-redirect-00

2009-07-14 Thread Stephane Bortzmeyer
On Mon, Jul 13, 2009 at 03:27:56PM +0100, ray.bel...@nominet.org.uk ray.bel...@nominet.org.uk wrote a message of 51 lines which said: At least when you do it on your recursive servers you're only affecting your own customers, who in most cases can vote with their wallets when they don't

Re: [DNSOP] Review of draft-livingood-dns-redirect-00

2009-07-14 Thread Stephane Bortzmeyer
On Mon, Jul 13, 2009 at 04:29:49PM -0400, Andrew Sullivan a...@shinkuro.com wrote a message of 33 lines which said: It is a fact that people are doing these DNS tricks, and we will not be saved from them by refusing to talk about them any more than we were saved from the stupidest possible NAT

[DNSOP] Comments on draft-livingood-dns-redirect-00

2009-07-14 Thread SM
Hello, When I first read draft-livingood-dns-redirect-00, my first thought was about how would it be received if the author was from some country in the Far East. In September 2008, the IETF published BCP 140 about preventing use of recursive nameservers in reflector attacks. The

Re: [DNSOP] Review of draft-livingood-dns-redirect-00

2009-07-14 Thread k claffy
On Mon, Jul 13, 2009 at 09:20:12PM -0400, Livingood, Jason wrote: Great and detailed feedback on our first draft, Andrew. I'll take a reply in detail, point-by-point, when I start working on -01 with my co-authors and contributors. Thanks Jason jason andrew pretty much covered it

Re: [DNSOP] Comments on draft-livingood-dns-redirect-00

2009-07-14 Thread Mark Andrews
In message 6.2.5.6.2.20090714124754.030b6...@elandnews.com, SM writes: In Section 8.4, it is mentioned that the owner of example.com may request that the ISP or DNS ASP not perform DNS Redirect for the example.com domain. It will be a lot of work to contact all the ISPs, if that is even

Re: [DNSOP] Review of draft-livingood-dns-redirect-00

2009-07-14 Thread Paul Wouters
On Mon, 13 Jul 2009, Paul Hoffman wrote: I think you need to widen that caveat: anything that isn't a web browser should not use a DNS server that misbehaves as described in this draft. I think you need to widen that caveat: anything should not use a DNS server that misbehaves as described in

Re: [DNSOP] Comments on draft-livingood-dns-redirect-00

2009-07-14 Thread Livingood, Jason
Thanks for your detailed review. We'll reply when we start to work on the -01 update. Regards Jason On 7/14/09 7:21 PM, SM s...@resistor.net wrote: Hello, When I first read draft-livingood-dns-redirect-00, my first thought was about how would it be received if the author was from some