On Wed, Feb 11, 2015 at 05:36:22PM +0100, Petr Spacek wrote:
In other words, I do not think we can prevent people from doing crazy things
just by obscuring format of diagnostics data. I'm sure somebody will try to
parse free-form string 'signature expired 1 week ago' and do some decisions
from
On Wed, Feb 11, 2015 at 03:44:31PM +0100, Pier Carlo Chiodi wrote:
Wild idea: Could it be solved by adding more information to SERVFAIL
answer?
a draft was proposed with this very topic, but it's expired now:
https://datatracker.ietf.org/doc/draft-hunt-dns-server-diagnostics/
I'd be
Hi Petr,
This has been discussed in the past a few times and died as people could not
agree on what the format of the record was going to be, if it was going to be
useful for human or computers
etc.
The first idea was probably presented in 1987 by Robert Watson and myself
Hello dnsop,
draft-ietf-dnsop-dnssec-roadblock-avoidance is a nice idea in general but
current version of Roadblock Avoidance, section 5, version 01 has a
significant drawback:
Else if the resolver is labeled Not a DNS Resolver or
Non-DNSSEC capable
Mark it as
On 11.2.2015 17:08, Evan Hunt wrote:
On Wed, Feb 11, 2015 at 03:44:31PM +0100, Pier Carlo Chiodi wrote:
Wild idea: Could it be solved by adding more information to SERVFAIL
answer?
a draft was proposed with this very topic, but it's expired now:
Hello dnsop,
while implementing DNSSEC validation into Fedora/RHEL distributions we face
problems with debugging SERVFAILs seen by stub resolvers because different
causes of SERVFAILs are indistinguishable.
Even in cases where we have access to server logs (e.g. because the validating
resolver
Hello,
On 2015-02-11 15:18, Petr Spacek wrote:
while implementing DNSSEC validation into Fedora/RHEL distributions we
face
problems with debugging SERVFAILs seen by stub resolvers because
different
causes of SERVFAILs are indistinguishable.
...
Wild idea: Could it be solved by adding more
Hi all,
Warren and I have prepared draft-wkumari-dnsop-alt-tld-04. We'd
appreciate feedback. If there isn't any, maybe that's a sign that we
could just publish it and thereby create a special TLD in which people
could set up their various special use special names? This would be
tidier than
