i'm ok with that part, but not this part:
This behavior causes a variety of problems, such as invalid negative
answers, that are so severe that it is unreasonable to expect clients
to interoperate with them reliably and so there is no point in trying to
work around them.
"For i
On Monday, December 28, 2015 04:40:20 AM John Levine wrote:
> >> NEW
> >>
> >>For instance, some authoritative name servers embedded in load
> >>balancers reply properly to A queries but send REFUSED to NS queries.
> >>This behaviour violates the DNS protocol (see Section ??? of [RFC??
>> NEW
>>For instance, some authoritative name servers embedded in load
>>balancers reply properly to A queries but send REFUSED to NS queries.
>>This behaviour violates the DNS protocol (see Section ??? of [RFC??],
>>and improvements to the DNS are impeded if we accept such behavio
>> Unless, of course, the target doesn't like you and refuses your
>> queries for policy reasons.
>
>Note that I said "unconditionally refusing all NS queries". Conditionally
>refusing queries based on query source behaviour is off-topic.
Perhaps the target doesn't like anyone. Here's the entire
On Sunday, December 27, 2015 10:31:52 PM Paul Wouters wrote:
> The section in question of the draft under discussion talks about the
> specific case where a load balancer is returning REFUSED because it
> did not implement NS queries, and that such behaviour is a violation
> of the RFC.
strictly s
On Sun, Dec 27, 2015 at 10:31 PM, Paul Wouters wrote:
> On Sun, 28 Dec 2015, John Levine wrote:
>
> Being listed as nameserver while unconditionally refusing all NS queries
>>> leads to a guaranteed failure with DNSSEC as there would not be a signed
>>> NS RRset published anywhere.
>>>
>>
>> Yes,
On Sun, 28 Dec 2015, John Levine wrote:
Being listed as nameserver while unconditionally refusing all NS queries
leads to a guaranteed failure with DNSSEC as there would not be a signed
NS RRset published anywhere.
Yes, we agree it could have bad results.
The NS RR states that the na
For instance, some authoritative name servers embedded in load
balancers reply properly to A queries but send REFUSED to NS queries.
>> If my policy is not to tell you about NS records, that's my policy.
>> It may be a stupid policy that causes downstream problems, but it's my
>> r
On Sun, 28 Dec 2015, John Levine wrote:
NEW
For instance, some authoritative name servers embedded in load
balancers reply properly to A queries but send REFUSED to NS queries.
This behaviour violates the DNS protocol (see Section ??? of [RFC??],
and improvements to the DNS are imped
>> NEW
>>For instance, some authoritative name servers embedded in load
>>balancers reply properly to A queries but send REFUSED to NS queries.
>>This behaviour violates the DNS protocol (see Section ??? of [RFC??],
>>and improvements to the DNS are impeded if we accept such behavio
Hi all
These comments are for:
https://tools.ietf.org/html/draft-ietf-dnsop-edns-client-subnet-06
One of the main concerns while implementing EDNS client-subnet is about
keeping the size of cache small and in check. It seems cache handling
for EDNS client-subnet can be improved by changes to the
On Tue, Dec 15, 2015 at 09:35:19PM -0800,
Barry Leiba wrote
a message of 124 lines which said:
> NEW
>For instance, some authoritative name servers embedded in load
>balancers reply properly to A queries but send REFUSED to NS queries.
>This behaviour violates the DNS protocol (see
On Sun, Dec 27, 2015 at 01:23:49PM -0800,
internet-dra...@ietf.org wrote
a message of 44 lines which said:
> Title : NXDOMAIN really means there is nothing underneath
> Authors : Stephane Bortzmeyer
> Shumon Huque
> Filename
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Domain Name System Operations Working Group
of the IETF.
Title : NXDOMAIN really means there is nothing underneath
Authors : Stephane Bortzmeyer
14 matches
Mail list logo
