Re: [DNSOP] [dns-operations] dnsop-any-notimp violates the DNS standards

2015-03-13 Thread Nicholas Weaver
On Mar 13, 2015, at 10:21 AM, Morizot Timothy S timothy.s.mori...@irs.gov wrote: It’s been steadily increasing for years now and gives me an idea what percentage of the US public is protected against certain types of attacks involving our zones. DNSSEC validation is not a panacea, but in

[DNSOP] RFC 7477 on Child-to-Parent Synchronization in DNS

2015-03-13 Thread rfc-editor
A new Request for Comments is now available in online RFC libraries. RFC 7477 Title: Child-to-Parent Synchronization in DNS Author: W. Hardaker Status: Standards Track Stream: IETF Date: March 2015 Mailbox:

Re: [DNSOP] [dns-operations] dnsop-any-notimp violates the DNS standards

2015-03-13 Thread Morizot Timothy S
Nonsense. I'm not sure exactly what sort of attack profile you have in mind at the registrar with a, but given that the TTL for DS records is generally 24 hours, most attacks at that level will create pretty widespread DNSSEC validation errors for at least that initial day. DNSSEC validation

Re: [DNSOP] DNS Terminology: Glue

2015-03-13 Thread Casey Deccio
On Thu, Mar 12, 2015 at 2:10 PM, Paul Hoffman paul.hoff...@vpnc.org wrote: On Mar 12, 2015, at 10:59 AM, Tony Finch d...@dotat.at wrote: Patrik Wallström pa...@blipp.com wrote: Glue Name Records are defined as all NS records pertaining to the child domain that are delivered by the

Re: [DNSOP] DNS Terminology: Glue

2015-03-13 Thread Casey Deccio
On Fri, Mar 13, 2015 at 7:00 PM, Paul Hoffman paul.hoff...@vpnc.org wrote: Casey noticing the updated, wider definition in 2181 kinda throws a wrench into the what is not glue discussion. Here is a proposed update to the draft that includes both definitions and discusses the ramifications of

Re: [DNSOP] [dns-operations] dnsop-any-notimp violates the DNS standards

2015-03-13 Thread Colm MacCárthaigh
On Thu, Mar 12, 2015 at 4:09 PM, Mark Andrews ma...@isc.org wrote: In message 3d558422-d5da-4434-bded-e752ba353...@flame.org, Michael Graff writes: What problem are we specifically trying to solve here again? A non-problem for most of us. Michael If one really wants to reduce the number

Re: [DNSOP] [dns-operations] dnsop-any-notimp violates the DNS standards

2015-03-13 Thread Paul Vixie
Nicholas Weaver nwea...@icsi.berkeley.edu Saturday, March 14, 2015 5:07 AM ... Overall, unless you are validating on the end host rather than the recursive resolver, DNSSEC does a lot of harm from misconfiguration-DOS, but almost no good. several of us jumped for joy in 2008 when

Re: [DNSOP] [dns-operations] dnsop-any-notimp violates the DNS standards

2015-03-13 Thread D. J. Bernstein
I remain puzzled at the entire technological motivation that CloudFlare claims for this deliberate creation of interoperability problems. In particular, what exactly is the programming difficulty that they claim they're encountering in implementing QTYPE=*? Are they also having trouble

Re: [DNSOP] DNS Terminology: Glue

2015-03-13 Thread Evan Hunt
On Fri, Mar 13, 2015 at 09:00:34AM -0700, Paul Hoffman wrote: If there is a well-accepted name for address records that come with glue records but are not actually glue records, we can add it, but I am hesitant for this document becoming a list of things observed in the wild that don't already

Re: [DNSOP] DNS Terminology: Glue

2015-03-13 Thread Paul Hoffman
On Mar 13, 2015, at 9:33 AM, Evan Hunt e...@isc.org wrote: Given the amount of discussion this topic has generated, and the number of ways I've seen the word used in the past (and, in fact, have used it myself when speaking imprecisely), a discursive paragraph about common misuses might be