On Aug 15 2014, Mark Andrews wrote:
[...]
The last delegation in the current chain is a secure delegation from
IN-ADDR.ARPA to 100.IN-ADDR.ARPA so there is a problem currently.
No one can safely setup their own reverse zones validation is now
starting to be done in stub resolvers and to do so
On Aug 14 2014, Joe Abley wrote:
[...]
It seems to me that no delegation is a perfectly reasonable steady state,
It fails to break the chain of trust. Because a validator can prove that
the names in the putative subzone do not exist, it will consider locally
defined content bogus. The only
Greetings again. I have a need for expressing DNS messages in JSON for an
application I have written. Stephane and I had started to work on this but
ended up dropping it. draft-dulaunoy-kaplan-passive-dns-cof comes at the same
problem from another direction, but it is specific for one problem
Hi Chris,
I went quiet on this thread because I was going to try this out in a lab before
commenting further, but since I haven't done that and you had something to
say...
On 20 Aug 2014, at 12:50, Chris Thompson c...@cam.ac.uk wrote:
On Aug 14 2014, Joe Abley wrote:
[...]
It seems to me
In message 19ae3cb3-b108-42cb-bae2-a2f1fbb55...@hopcount.ca, Joe Abley writes
:
Hi Chris,
I went quiet on this thread because I was going to try this out in a lab
before commenting further, but since I haven't done that and you had
something to say...
On 20 Aug 2014, at 12:50, Chris
On 20 Aug 2014, at 17:48, Mark Andrews ma...@isc.org wrote:
You will give answers that validate as bogus in the stub resolver.
This seems to be the crux of our differing world views.
A validating stub resolver
Validating stub resolvers?
In my own personal taxonomy a stub resolver doesn't
In message e4ad7d21-995c-46b1-813e-70ca0919f...@hopcount.ca, Joe Abley writes
:
On 20 Aug 2014, at 17:48, Mark Andrews ma...@isc.org wrote:
You will give answers that validate as bogus in the stub resolver.
This seems to be the crux of our differing world views.
A validating stub
In message 20140820235118.e952b1d1b...@rock.dv.isc.org, Mark Andrews writes:
In message e4ad7d21-995c-46b1-813e-70ca0919f...@hopcount.ca, Joe Abley writ
es
:
On 20 Aug 2014, at 17:48, Mark Andrews ma...@isc.org wrote:
You will give answers that validate as bogus in the stub
On Aug 20, 2014, at 9:21 PM, Andrew Sullivan a...@anvilwalrusden.com wrote:
On Thu, Aug 21, 2014 at 10:52:46AM +1000, Mark Andrews wrote:
It was also a required step as you can't reliably
validate in the client unless the recursive server has filtered out
the spoofed answers.
If I
In message 20140821012100.gc2...@mx1.yitter.info, Andrew Sullivan writes:
On Thu, Aug 21, 2014 at 10:52:46AM +1000, Mark Andrews wrote:
It was also a required step as you can't reliably
validate in the client unless the recursive server has filtered out
the spoofed answers.
If I
In message 54885a5d-2afa-4d37-9b83-2229082d7...@virtualized.org, David Conrad
writes:
Hi,
On Aug 20, 2014, at 6:21 PM, Andrew Sullivan a...@anvilwalrusden.com
wrote:
On Thu, Aug 21, 2014 at 10:52:46AM +1000, Mark Andrews wrote:
It was also a required step as you can't reliably
On Thu, Aug 21, 2014 at 12:17:25PM +1000, Mark Andrews wrote:
If they fail it can
fallback to making iterative queries or just accept the failure.
I'd quibble with this bit: if it can make iterative queries, then we
might as well just call it a validating resolver.
IMHO the thing we're
In message prayer.1.3.5.1408201724000.12...@hermes-1.csi.cam.ac.uk, Chris
Thompson w
rites:
On Aug 15 2014, Mark Andrews wrote:
[...]
The last delegation in the current chain is a secure delegation from
IN-ADDR.ARPA to 100.IN-ADDR.ARPA so there is a problem currently.
No one can safely
13 matches
Mail list logo