On Sun, 30 Jul 2017, Evan Hunt wrote:
It's clearly helpful for human debugging.
But, yes, you're correct -- diagnostic information included with a
SERVFAIL is about as trustworthy as the AD bit, and in the absence of an
authentication mechanism such as TSIG, clients should not rely on it or
bas
On Mon, Jul 31, 2017 at 09:57:11AM -0400, Paul Wouters wrote:
> But we know people are already building software and systems that DO
> trust the AD bit, even with non-localhost resolv.conf entries. This
> saves them the overhead of adding a dnssec library to their application,
> and saves them from
Postfix is one but last I knew only when resolv contains localhost.
I think systemd-resolved also does various tricks but haven't looked at that in
a long time.
Software doesn't want to link against a dnssec library. Hopefully we can get
something smaller and better if we can use query-chains (
> -Original Message-
> From: DNSOP [mailto:dnsop-boun...@ietf.org] On Behalf Of Vernon Schryver
>
> > From: "Woodworth, John R"
>
> > > One could make $GENERATE more efficient without actually
> > > implementing the BULK RR, by taking your pattern matching logic and
> > > implementing it
>
On Mon, Jul 31, 2017 at 05:11:07PM +, Evan Hunt wrote:
> Are there applications specifically trusting AD=1 and behaving differently
> than with AD=0? Or are they just ignoring it and trusting every answer
> equally? I would have expected the latter, but I confess to being
> surprised if ther
On Sat, Jul 29, 2017 at 08:53:48AM -0400, Paul Wouters wrote:
> > This starts a Call for Adoption for draft-wkumari-dnsop-extended-error
>
> I have reviewed the draft, and while I think it could be useful, I'm
> seriously worried about sending unauthenticated errors back to the user,
> and fear t
Hi,
I'm interested in seeing
https://tools.ietf.org/html/draft-west-let-localhost-be-localhost-03
move from draft status to become a standard. In particular, it would
allow browsers to start treating "localhost" as a secure context, which
would reduce attempts by application developers to abuse th
