On Sat, 31 May 2014, 张海阔 wrote:
I think it is the problem which came from UDP protocal. It maybe better
if this problem can be handled in UDP protocal
It appears you have a solution that is looking for a problem or an excuse
to get deployed.
Of cause, all of problem which I mentioned in the
> If the verification is failed, it should response "Bogus"
> If the resolver do not get enough data to do the verification, then the
> resolver which weak trust anchor should be response with "insecure" DNS
> package. it is up to end-user or netizens to decide what to do next.
If the resolver di
ohh,yes. TCP must be implemented in name server in RFC 5966.
I think it is the problem which came from UDP protocal. It maybe better if this
problem can be handled in UDP protocal, not switch it to TCP protocal. If the
TCP traffic is heavy, other problems may come out for DNS service in the
futu
thanks for your feedback.
If the DNS message can be verified by DNSSEC, the resolver should response the
DNS package with the "AD" bit to the end user.
If the verification is failed, it should response "Bogus"
If the resolver do not get enough data to do the verification, then the
resolver which
In message , "=?gb2312?B?1cW
6o8Cr?=" writes:
> The TCP is an optional protocal for DNS query at the auth name server side, a
> nd is not mandatory,
> so not every DNS service will support TCP.
> so I think we should provide a method to get rid of it by UDP protocal.
>
> thanks for your feedback
The TCP is an optional protocal for DNS query at the auth name server side, and
is not mandatory,
so not every DNS service will support TCP.
so I think we should provide a method to get rid of it by UDP protocal.
thanks for your feedback.
haikuo
-- origin email --