[DNSOP] Lame? - was Re: Asking TLD's to perform checks.

2015-11-11 Thread Edward Lewis
One of my hot buttons - meant to be one of the reasons why trying to define "goodness" never has succeeded. (Note, I'm using past tense.) On 11/11/15, 1:47, "DNSOP on behalf of Viktor Dukhovni" wrote: > * Lame delegations are wrong. When I did inspection of "lameness" I ran across the definit

Re: [DNSOP] Asking TLD's to perform checks.

2015-11-11 Thread Tim Wicinski
(as chair) I was the one who told Mark I liked the document but we needed to do less badgering of TLDs (my words, not his) and more on giving them advice on the best practices. I'm stuck in the office in San Francisco this week, but I will read the newer versions. It sounds like something

Re: [DNSOP] Working Group Last Call for draft-ietf-dnsop-edns-chain-query

2015-11-11 Thread Paul Vixie
On Wednesday, November 11, 2015 10:01:51 PM Tony Finch wrote: > Paul Vixie wrote: > > > > i have no objection to multiple parallel outstanding upstream queries > > > > over a TCP stream. > > > > > > Why is TCP special? > > > > because it has per-flow congestion control. > > Which is perfectly f

Re: [DNSOP] Working Group Last Call for draft-ietf-dnsop-edns-chain-query

2015-11-11 Thread Tony Finch
Paul Vixie wrote: > On Wednesday, November 11, 2015 04:41:27 PM Tony Finch wrote: > > Paul Vixie wrote: > > > > > yes, that's flooding the channel. you're allowed one work-stream per > > > query, in order that timeouts and other loss are only felt as > > > backpressure by those apps who caused th

Re: [DNSOP] Asking TLD's to perform checks.

2015-11-11 Thread Frederico A C Neves
On Wed, Nov 11, 2015 at 07:25:39AM +0100, Patrik Fältström wrote: ... > > That said, initiatives like the one I did run did push errors (for some > definition of errors) from 22% to maybe 17% in .SE and my inspection of the > rest says that getting errors down to 15% is possible, but more is very

Re: [DNSOP] Asking TLDs to perform checks.

2015-11-11 Thread Joe Abley
On 11 Nov 2015, at 13:05, Viktor Dukhovni wrote: On Wed, Nov 11, 2015 at 12:22:05PM +, Lawrence Conroy wrote: ISTM that the IETF isn't in a position to force its suggestions through the 'industry'. Who said anything about "forcing", I thought this was intended to be a BCP. As for whe

Re: [DNSOP] available, a test domain for EDNS client subnet

2015-11-11 Thread dagon
On Wed, Nov 11, 2015 at 05:48:37PM +0100, bert hubert wrote: > To test, try: > > $ dig -t txt www.geo.powerdns.com > www.geo.powerdns.com. 30 IN TXT "hallo Nederland > 86.82.68.237/12" This is very useful. I also created an authority zone for testing EDNS client subnet propertie

Re: [DNSOP] Asking TLD's to perform checks.

2015-11-11 Thread Viktor Dukhovni
On Wed, Nov 11, 2015 at 12:22:05PM +, Lawrence Conroy wrote: > ISTM that the IETF isn't in a position to force its suggestions through > the 'industry'. Who said anything about "forcing", I thought this was intended to be a BCP. As for whether the checks are done by registries or registrar

Re: [DNSOP] Fuel on fire: more TLD to come :-)

2015-11-11 Thread joel jaeggli
On 11/11/15 7:58 AM, Stephane Bortzmeyer wrote: > I write a draft requesting registration of each of these in the RFC > 6761 registry :-D While I might consign this to the realm of nutjobs, it seems to be the case that what they intend to describe is an entirely separate namespace. > https://foru

Re: [DNSOP] Working Group Last Call for draft-ietf-dnsop-edns-chain-query

2015-11-11 Thread Paul Vixie
On Wednesday, November 11, 2015 04:41:27 PM Tony Finch wrote: > Paul Vixie wrote: > > > yes, that's flooding the channel. you're allowed one work-stream per > > query, in order that timeouts and other loss are only felt as > > backpressure by those apps who caused them. > > Where is that specifi

[DNSOP] available, a test domain for EDNS client subnet

2015-11-11 Thread bert hubert
Hi everybody, With help from PowerDNS ueber value community member Aki Tuomi, the GeoIP backend in PowerDNS has been extended to use the netmask information contained in the Maxmind geolocation database. We needed this because we couldn't find a lot of domains out there that actually respond with

Re: [DNSOP] Working Group Last Call for draft-ietf-dnsop-edns-chain-query

2015-11-11 Thread Tony Finch
Paul Vixie wrote: > > You get the entire CNAME chain in the first RTT so you can validate all > > the links in the chain in the second RTT. > > here, you appear to be planning for a stub validator, which makes RD=1 > queries. Yes, that's what edns-chain-query is for. > yes, that's flooding the

Re: [DNSOP] Working Group Last Call for draft-ietf-dnsop-edns-chain-query

2015-11-11 Thread Paul Vixie
On Wednesday, November 11, 2015 03:56:31 PM Tony Finch wrote: > Paul Vixie wrote: > > > second, you can't send a burst of queries, as a validator. even apart > > from the fact that any CNAME (RFC 2317 style) can add delegation points > > that weren't at label boundaries in your original QNAME, an

[DNSOP] Fuel on fire: more TLD to come :-)

2015-11-11 Thread Stephane Bortzmeyer
I write a draft requesting registration of each of these in the RFC 6761 registry :-D https://forum.ethereum.org/discussion/1383/the-ethereum-domain-naming-system ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop

Re: [DNSOP] Working Group Last Call for draft-ietf-dnsop-edns-chain-query

2015-11-11 Thread Tony Finch
Paul Vixie wrote: > > if you mean label boundaries you have to say label boundaries, > because dots can appear inside labels. Yes. > second, you can't send a burst of queries, as a validator. even apart > from the fact that any CNAME (RFC 2317 style) can add delegation points > that weren't at l

Re: [DNSOP] Working Group Last Call for draft-ietf-dnsop-dnssec-roadblock-avoidance

2015-11-11 Thread Petr Spacek
On 6.11.2015 05:06, Tim Wicinski wrote: > > During the meeting, it appears that this draft is ready for Working Group Last > Call, with one item looking for direction from the working group. > > This starts a Working Group Last Call for > draft-ietf-dnsop-dnssec-roadblock-avoidance > > C

Re: [DNSOP] Working Group Last Call for draft-ietf-dnsop-edns-chain-query

2015-11-11 Thread Paul Vixie
On Tuesday, November 10, 2015 09:29:30 PM Tony Finch wrote: > Paul Hoffman wrote: > > > With the current DNS protocol, a stub resolver can get all the records > > > it > > > needs to validate a response in 1RTT, by sending multiple concurrent > > > queries for all the possible delegation points in

Re: [DNSOP] Asking TLD's to perform checks.

2015-11-11 Thread Lawrence Conroy
Hi Patrik, Jim, folks, +1 Not an IETF thing, but ISTR that the RRR model can make pushing error reports difficult: e.g., if Registry runs tests and finds problems, the Registrar may be unhappy for an email to be sent from Registry direct to "the Registrar's" customer. Quite apart from anythin

Re: [DNSOP] Asking TLD's to perform checks.

2015-11-11 Thread Patrik Fältström
On 11 Nov 2015, at 11:42, Stephane Bortzmeyer wrote: > On Wed, Nov 11, 2015 at 11:29:41AM +0100, > Patrik Fältström wrote > a message of 57 lines which said: > >> Some registries even require MX records at the zone apex! Even more weird. > > Less so now that we have RFC 7505. Sure, but still do

Re: [DNSOP] Working Group Last Call for draft-ietf-dnsop-edns-chain-query

2015-11-11 Thread Tony Finch
Viktor Dukhovni wrote: > > Except in the presence of CNAME (possibly via DNAME) records, which > might mean that the client needs more records to validate multiple > nodes in the DNS tree. > > So without nameserver assistance 1RTT via parallelism is not always > possible. Yes, with aliases you so

Re: [DNSOP] Last Call: (DNS query name minimisation to improve privacy) to Experimental RFC

2015-11-11 Thread Maarten Wullink
I just read your draft about qname minimisation again and I discovered that besides limiting the number of labels the resolver is sending to the authoritative it also proposes to replace the qtype with "NS" when sending queries to authoritatives. This

Re: [DNSOP] Asking TLD's to perform checks.

2015-11-11 Thread Mark Andrews
In message <2015104833.gb29...@sources.org>, Stephane Bortzmeyer writes: > On Tue, Nov 10, 2015 at 03:25:11PM +0100, > Shane Kerr wrote > a message of 49 lines which said: > > > My guess is that part of the resistance is because you are going to > > be asking people to spend money on some

Re: [DNSOP] Asking TLD's to perform checks.

2015-11-11 Thread Stephane Bortzmeyer
On Tue, Nov 10, 2015 at 03:25:11PM +0100, Shane Kerr wrote a message of 49 lines which said: > My guess is that part of the resistance is because you are going to > be asking people to spend money on something that does not provide > them or their customers any (direct) benefits. Further, it b

Re: [DNSOP] Asking TLD's to perform checks.

2015-11-11 Thread Havard Eidnes
>> Does the scenario look like this? >> >> * Client asks to registrar to set up frobbit.se > > Yes, someone wants to register frobbit.se domain name. For pure > IPR reasons. It should not resolve. Ah, OK. Then this is first and foremost a registry policy issue: do you in your policy support regist

Re: [DNSOP] Asking TLD's to perform checks.

2015-11-11 Thread Stephane Bortzmeyer
On Wed, Nov 11, 2015 at 11:29:41AM +0100, Patrik Fältström wrote a message of 57 lines which said: > Some registries even require MX records at the zone apex! Even more weird. Less so now that we have RFC 7505.

Re: [DNSOP] Asking TLD's to perform checks.

2015-11-11 Thread Tony Finch
Viktor Dukhovni wrote: > A good list of problems. Sounds like it was a lot of hard work discovering those! > * Having DS records in the parent zone with no matching DNSKEYs > at the zone apex is wrong. It's OK provided that at least one DS of each algorithm has a matching DNSKEY. You get

Re: [DNSOP] Asking TLD's to perform checks.

2015-11-11 Thread Patrik Fältström
On 11 Nov 2015, at 11:17, Havard Eidnes wrote: > A zone registered with delegation records, but where none of the > name servers respond to queries for the zone does no one any good, > so why must it be acceptable? Because only registration of the domain name is what is wanted. No one wants record

Re: [DNSOP] Asking TLD's to perform checks.

2015-11-11 Thread Patrik Fältström
On 11 Nov 2015, at 11:17, Havard Eidnes wrote: > Does the scenario look like this? > > * Client asks to registrar to set up frobbit.se Yes, someone wants to register frobbit.se domain name. For pure IPR reasons. It should not resolve. > * Registrar is lazy and doesn't want to set up a separate z

Re: [DNSOP] Last Call: (DNS query name minimisation to improve privacy) to Experimental RFC

2015-11-11 Thread Stephane Bortzmeyer
On Mon, Nov 09, 2015 at 06:48:51PM -0800, The IESG wrote a message of 35 lines which said: > The IESG plans to make a decision in the next few weeks, and > solicits final comments on this action. Please send substantive > comments to the i...@ietf.org mailing lists by 2015-11-23. I have the p

Re: [DNSOP] Asking TLD's to perform checks.

2015-11-11 Thread Havard Eidnes
>> It may not be possible for everyone to agree on a comprehensive >> set of 'wrongs' with no omissions, but it should be possible to >> get consensus on a core set of 'wrongs' that are not controversial. > > Yes and no. I think going for a minimum will be a good goal, > but for example to have la

Re: [DNSOP] Working Group Last Call for draft-ietf-dnsop-edns-chain-query

2015-11-11 Thread Tony Finch
Tim Wicinski wrote: > Do we know of any implementations that have tried this? I mentioned in another message that I did a brief survey of validators. I was trying to see if there was one I could easily adapt to concurrent queries. Sadly I couldn't find one. A lot of validators are coupled to ite

Re: [DNSOP] Asking TLD's to perform checks.

2015-11-11 Thread Paul Vixie
On Wednesday, November 11, 2015 07:43:30 AM Mark Andrews wrote: > Perhaps we should be getting Jari, Suzanne and Andrew to push this > at IGF meetings. that's a right-thinking goal but with incorrect implementation semantics. for IGF to care about this, you'd have to show the cost to end users an

Re: [DNSOP] Asking TLD's to perform checks.

2015-11-11 Thread Dr Eberhard W Lisse
Mark, please point me to the tools :-)-O el On 2015-11-11 10:23, Mark Andrews wrote: [...] >> Well we have tools that can test every server in a zone. [...] -- Dr. Eberhard W. Lisse \/ Obstetrician & Gynaecologist (Saar) e...@lisse.na/ * | Telephone: +264 81 124 6733

Re: [DNSOP] Asking TLD's to perform checks.

2015-11-11 Thread Viktor Dukhovni
On Wed, Nov 11, 2015 at 07:53:25AM +0100, Patrik Fältström wrote: > > It may not be possible for everyone to agree on a comprehensive > > set of 'wrongs' with no omissions, but it should be possible to > > get consensus on a core set of 'wrongs' that are not controversial. > > Yes and no. I think

Re: [DNSOP] Asking TLD's to perform checks.

2015-11-11 Thread Mark Andrews
In message <5642ea31.5060...@lisse.na>, Dr Eberhard W Lisse writes: > For smaller (cc)TLDs it's not only the enforceability that's > difficult (or as mentioned counterproductive) it's also the real > world (Open Source Tools) > > If someone wri