Re: [DNSOP] are there recent studies of client side/ISP firewalls interfering with EDNS?

2015-11-12 Thread Mark Andrews
The real issue with fragmentation is that firewalls don't add appropriate slit rules to let through the response fragments when they open the pinhole for the reply packet. It isn't that hard to add "permit from dest, to src, type udp, frag offset != 0" when you add "permit from dest port 53, to

Re: [DNSOP] Lame? - was Re: Asking TLD's to perform checks.

2015-11-12 Thread Havard Eidnes
> When I did inspection of "lameness" I ran across the definition > of a lame server (in a few RFCs) being a name server, named in > an NS set that responded that it was not authoritative for the > answer sought. > > I cannot say that I have ever seen a definition of a lame > delegation, just a

Re: [DNSOP] [internet-dra...@ietf.org: I-D Action: draft-bortzmeyer-dnsop-nxdomain-cut-00.txt]

2015-11-12 Thread Stephane Bortzmeyer
On Wed, Nov 11, 2015 at 01:15:37AM +, Wessels, Duane wrote a message of 107 lines which said: > This updates RFC 2308 (Negative Caching of DNS Queries). Good point, I'll add that. Also, I did not dare to add "Updates: RFC 1034". Should I? > I think the WG needs to

Re: [DNSOP] [internet-dra...@ietf.org: I-D Action: draft-bortzmeyer-dnsop-nxdomain-cut-00.txt]

2015-11-12 Thread Mark Andrews
In message <39d878b4-9239-4983-8083-36bca365b...@verisign.com>, "Wessels, Duane " writes: > > > On Nov 12, 2015, at 12:15 AM, Stephane Bortzmeyer wrote > : > > > > On Wed, Nov 11, 2015 at 01:15:37AM +, > > Wessels, Duane wrote > > a message of

[DNSOP] The DNSOP WG has placed draft-fanf-dnsop-rfc2317bis in state "Candidate for WG Adoption"

2015-11-12 Thread IETF Secretariat
The DNSOP WG has placed draft-fanf-dnsop-rfc2317bis in state Candidate for WG Adoption (entered by Tim Wicinski) The document is available at https://datatracker.ietf.org/doc/draft-fanf-dnsop-rfc2317bis/ ___ DNSOP mailing list DNSOP@ietf.org

Re: [DNSOP] Asking TLD's to perform checks.

2015-11-12 Thread Dr Eberhard W Lisse
Jelte, don't forget there are ccTLD registries run by third parties for purely economic reasons, some better some worse. And a particular compatriot comes to mind :-)-O Then there are a number of smaller ccTLDs which are overwhelmed by all of this. Never mind those who only answer their email

Re: [DNSOP] Asking TLD's to perform checks.

2015-11-12 Thread Jelte Jansen
On 11/12/2015 01:30 AM, Tim Wicinski wrote: > > (as chair) > > I was the one who told Mark I liked the document but we needed to do > less badgering of TLDs (my words, not his) and more on giving them > advice on the best practices. > +1 I'd like to add that they may be badgered just as hard

[DNSOP] Call for Adoption: draft-andrews-dns-no-response-issue

2015-11-12 Thread Tim Wicinski
All, I've read the threads and listened to the discussion. There seems to be agreement that there is "Good Stuff" in here, and the key will be to create a Best Practices document that describes this. I've talked with Mark and he's up for taking consensus feedback, and he's made significant

[DNSOP] are there recent studies of client side/ISP firewalls interfering with EDNS?

2015-11-12 Thread Wiley, Glen
I have seen the ISC EDNS compliance report (beautiful thing really), but it looks as though the focus is really on the name servers and name server operators. Has a recent study been done to examine whether client side/ISP firewalls are interfering with EDNS? -- Glen Wiley Principal Engineer

Re: [DNSOP] are there recent studies of client side/ISP firewalls interfering with EDNS?

2015-11-12 Thread Nicholas Weaver
> On Nov 12, 2015, at 7:59 AM, Wiley, Glen wrote: > > I have seen the ISC EDNS compliance report (beautiful thing really), but it > looks as though the focus is really on the name servers and name server > operators. Has a recent study been done to examine whether client

Re: [DNSOP] [internet-dra...@ietf.org: I-D Action: draft-bortzmeyer-dnsop-nxdomain-cut-00.txt]

2015-11-12 Thread Paul Hoffman
On 12 Nov 2015, at 0:15, Stephane Bortzmeyer wrote: On Wed, Nov 11, 2015 at 01:15:37AM +, Wessels, Duane wrote a message of 107 lines which said: This updates RFC 2308 (Negative Caching of DNS Queries). Good point, I'll add that. Also, I did not dare to add

Re: [DNSOP] [internet-dra...@ietf.org: I-D Action: draft-bortzmeyer-dnsop-nxdomain-cut-00.txt]

2015-11-12 Thread Wessels, Duane
> On Nov 12, 2015, at 12:15 AM, Stephane Bortzmeyer wrote: > > On Wed, Nov 11, 2015 at 01:15:37AM +, > Wessels, Duane wrote > a message of 107 lines which said: > >> This updates RFC 2308 (Negative Caching of DNS Queries). > > Good point, I'll

Re: [DNSOP] are there recent studies of client side/ISP firewalls interfering with EDNS?

2015-11-12 Thread Robert Edmonds
John Kristoff wrote: > After a DNS over TCP discussion a student of mine indicated that they > recently fixed a problem in their network where DNS messages over 512 > bytes were not being relayed. It appears the root cause has to do with > some defaults being set common gear that simply drops

Re: [DNSOP] Working Group Last Call for draft-ietf-dnsop-edns-chain-query

2015-11-12 Thread Wiley, Glen
On 11/11/15, 5:01 PM, "Tony Finch" wrote: >Paul Vixie wrote: >> On Wednesday, November 11, 2015 04:41:27 PM Tony Finch wrote: >> > Paul Vixie wrote: >> > >> > > yes, that's flooding the channel. you're allowed one work-stream per >> > >

Re: [DNSOP] are there recent studies of client side/ISP firewalls interfering with EDNS?

2015-11-12 Thread John Kristoff
On Thu, 12 Nov 2015 08:00:50 -0800 Nicholas Weaver wrote: > We've done some of this in Netalyzr. Captive portals in particular > are a problem, with about 1% of systems measured in Netalyzr unable > to use EDNS0 to get DNSSEC information either from the recursive >

Re: [DNSOP] are there recent studies of client side/ISP firewalls interfering with EDNS?

2015-11-12 Thread Nicholas Weaver
> On Nov 12, 2015, at 8:43 AM, John Kristoff wrote: > > On Thu, 12 Nov 2015 08:00:50 -0800 > Nicholas Weaver wrote: > > After a DNS over TCP discussion a student of mine indicated that they > recently fixed a problem in their network where DNS

[DNSOP] The DNSOP WG has placed draft-andrews-dns-no-response-issue in state "Candidate for WG Adoption"

2015-11-12 Thread IETF Secretariat
The DNSOP WG has placed draft-andrews-dns-no-response-issue in state Candidate for WG Adoption (entered by Tim Wicinski) The document is available at https://datatracker.ietf.org/doc/draft-andrews-dns-no-response-issue/