Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-09 Thread Ted Lemon
On Nov 9, 2014, at 3:28 PM, Paul Ebersman wrote: > It's a nice thought. But considering how little we've converged on SLAAC > vs DHCPv6, random assignment vs eui-64 vs static for host ID, RFC 6106 > vs DHCPv6 DNS, etc. (and I won't even start on how many IPv6 transition > techs there are), any con

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-09 Thread Mark Andrews
In message <6c6d2bc0-4099-4f9c-ade4-f9dd021da...@fl1ger.de>, Ralf Weber writes: > Moin! > > Read this draft on the way to the IETF and while saw there was a lot of discussion around it I didn't read all of it, so forgive me if stuff has been said > before. > > First I think it is good to hav

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-09 Thread Paul Ebersman
vixie> Indeed not. We currently have to maintain a large and complex vixie> distributed registry of ipv4 ptr patterns which are meaningless vixie> and must therefore be filtered out before making policy decisions vixie> about the presence/absence and match/doesn't of a ptr record and vixie> it's a

Re: [DNSOP] scribe and note-taker

2014-11-09 Thread Suzanne Woolf
We do. Well, did. Thank you! And thanks to Dan York for volunteering as jabber scribe. Much appreciated. On Nov 9, 2014, at 5:48 PM, John Levine wrote: > In article you write: >> Hi, >> >> It's that time again: we need a jabber scribe and a note-taker for Tuesday's >> meeting. > > If you

Re: [DNSOP] "Secure Unowned Hierarchical Anycast Root Name Service - And an Apologia" (circleid)

2014-11-09 Thread Andrew Sullivan
Hi, On Sun, Nov 09, 2014 at 03:10:31PM -0800, Paul Vixie wrote: > we intend that iana craft a second root zone, published in parallel with > the existing one, each being synchronized in terms of tld content, and > each signed with the then-current iana signing key. > > the second one will only h

Re: [DNSOP] "Secure Unowned Hierarchical Anycast Root Name Service - And an Apologia" (circleid)

2014-11-09 Thread John R Levine
the second one will only have two NS RR's at its apex, not thirteen. Oh, OK, rereading the Circle ID piece I see that's what you mean, but it's not super clear. It's still not clear to me what the practical advantage of this is over my hack of networks inserting their own routes for one of t

Re: [DNSOP] Draft on censorship, and DNS

2014-11-09 Thread Alejandro Acosta
Hi Stephane, On 11/9/2014 at #4, Stephane Bortzmeyer wrote: > On Sun, Nov 09, 2014 at 12:09:15AM -0430, > Alejandro Acosta wrote > a message of 45 lines which said: > >> Recently I published a post in my personal blog an article -in >> Spanish- called something like: "The bad idea of b

Re: [DNSOP] "Secure Unowned Hierarchical Anycast Root Name Service - And an Apologia" (circleid)

2014-11-09 Thread Ralf Weber
Moin! > On 09 Nov 2014, at 15:10, Paul Vixie wrote: > we intend that iana craft a second root zone, published in parallel with the > existing one, each being synchronized in terms of tld content, and each > signed with the then-current iana signing key. > > the second one will only have two NS

Re: [DNSOP] Draft on censorship, and DNS

2014-11-09 Thread hellekin
On 11/09/2014 06:35 PM, Phillip Hallam-Baker wrote: > > If you want to do anything useful in counter-censorship then you have > to think of using steganography > *** If you use steganography, that probably means you're sending secrets over a cleart

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-09 Thread P Vixie
On November 9, 2014 2:08:28 PM PST, Ted Lemon wrote: >On Nov 9, 2014, at 12:01 PM, Paul Ebersman >wrote: >> Most ISPs and most email/spam folks find the current v4 pointer usage >to >> be functional. > >This assertion with respect to spam at least does not seem to match >what's actually been sa

Re: [DNSOP] "Secure Unowned Hierarchical Anycast Root Name Service - And an Apologia" (circleid)

2014-11-09 Thread Paul Vixie
> John Levine > Sunday, November 09, 2014 2:57 PM > > As I understand it, the proposal is to add another root server, the > "X" root, with A and records pointing at addresses that will > never be globally routed, with an invitation to networks of whatever > size to p

Re: [DNSOP] "Secure Unowned Hierarchical Anycast Root Name Service - And an Apologia" (circleid)

2014-11-09 Thread John Levine
>(http://www.circleid.com/posts/20141107_secure_unowned_hierarchical_anycast_root_name_service_and_apologia/) As I understand it, the proposal is to add another root server, the "X" root, with A and records pointing at addresses that will never be globally routed, with an invitation to networ

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-09 Thread Ralf Weber
Moin! Read this draft on the way to the IETF and while saw there was a lot of discussion around it I didn't read all of it, so forgive me if stuff has been said before. First I think it is good to have a draft that captures what you can do and what the challenges for IPv6 reverse are. However

Re: [DNSOP] Draft on censorship, and DNS

2014-11-09 Thread Paul Vixie
> David Conrad > Sunday, November 09, 2014 11:38 AM > Another argument for DNS-over-443. +1. -- Paul Vixie ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop

Re: [DNSOP] scribe and note-taker

2014-11-09 Thread John Levine
In article you write: >Hi, > >It's that time again: we need a jabber scribe and a note-taker for Tuesday's >meeting. If you still need a note taker, I can do it.

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-09 Thread Ted Lemon
On Nov 9, 2014, at 12:01 PM, Paul Ebersman wrote: > Most ISPs and most email/spam folks find the current v4 pointer usage to > be functional. This assertion with respect to spam at least does not seem to match what's actually been said on the list by people who are in a position to know.

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-09 Thread Paul Ebersman
To step back up a level again. Most ISPs and most email/spam folks find the current v4 pointer usage to be functional. I'm not saying that we all think it's not somewhat broken, couldn't be better, etc. However, it solves the problems it's supposed to solve in a functional way and doesn't generat

Re: [DNSOP] Draft on censorship, and DNS

2014-11-09 Thread Phillip Hallam-Baker
If you want to do anything useful in counter-censorship then you have to think of using steganography So don't call it DNS and don't put the parts of the plan designed for counter censorship prominently in the draft Port 443 is loaded with censorship issues. If you want to get your packets pa

Re: [DNSOP] Draft on censorship, and DNS

2014-11-09 Thread David Conrad
Another argument for DNS-over-443. I think the slogan "F* it, just put it into the DNS" should probably be modified to: "F* it, just put it into the DNS over HTTPS" Sigh. Regards, -drc On Nov 8, 2014, at 11:07 PM, dikshie wrote: > Hi, > In Indonesia case: > 1.Government asks everyone that M

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-09 Thread sthaug
> > Putting my ISP hat on, I'd have to agree with the security/stability > > reasons (and several others I can think of). As of today, I have zero > > incentive to let my residential customers create their own PTR records. > > Putting my customer hat on: I want PTR for my machines (many hosters >

Re: [DNSOP] Draft Reverse DNS in IPv6 for Internet Service Providers

2014-11-09 Thread Stephane Bortzmeyer
On Thu, Nov 06, 2014 at 08:26:17AM +0100, sth...@nethelp.no wrote a message of 24 lines which said: > Putting my ISP hat on, I'd have to agree with the security/stability > reasons (and several others I can think of). As of today, I have zero > incentive to let my residential customers create

Re: [DNSOP] Draft on censorship, and DNS

2014-11-09 Thread dikshie
Hi, In Indonesia case: 1.Government asks everyone that MUST use ISPs' DNS servers. No third party DNS servers are allowed (for example: Google's DNS). Although I am not sure about the real implementation, ISPs will redirect DNS request traffic from customers to their DNS servers. 2.ISPs' DN

Re: [DNSOP] Draft on censorship, and DNS

2014-11-09 Thread Patrik Fältström
> On 9 nov 2014, at 06:13, Danny McPherson wrote: > > As well as in SSAC's SAC056: > > https://www.icann.org/en/system/files/files/sac-056-en.pdf And let me add to this pointed to by Danny also SAC-050 which is a two page document setting a baseline.