A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Domain Name System Operations WG of the IETF.
Title : DNS Stateful Operations
Authors : Ray Bellis
Stuart Cheshire
Mirja Kühlewind has entered the following ballot position for
draft-ietf-dnsop-session-signal-19: No Objection
When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)
Please re
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Domain Name System Operations WG of the IETF.
Title : DNS Stateful Operations
Authors : Ray Bellis
Stuart Cheshire
On 2018-12-06 15:59 -0500, Viktor Dukhovni wrote:> To prevent crappy DS
records, the registrar or registry would need
to check that the zone contains a matching key (matching key tag
and hash value) before publishing the DS record.
That would then prohibit prepublishing the DS record in advanc
> On 7 Dec 2018, at 7:59 am, Viktor Dukhovni wrote:
>
> On Thu, Dec 06, 2018 at 10:26:55AM -0300, Hugo Salgado-Hernández wrote:
>
>> On 18:54 05/12, Viktor Dukhovni wrote:
>>> No idea why people would just "make up" (non-)random DS records for
>>> their domains, but for some reason some do. Th
On Thu, Dec 06, 2018 at 10:26:55AM -0300, Hugo Salgado-Hernández wrote:
> On 18:54 05/12, Viktor Dukhovni wrote:
> > No idea why people would just "make up" (non-)random DS records for
> > their domains, but for some reason some do. These made-up DS RRs
>
> Could it be a bad (or nonexistent) val
On Thu, Dec 06, 2018 at 04:29:13PM +0100, p vixie wrote:
> It's an error in the specification.
Thank you Paul. That clears it. I asked because BIND follows the RFC to
the letter, and an admin may see some log messages that are unexpected
for an address that's not in the update ACL.
It's an error in the specification.
- Original Message -
From: Mukund Sivaraman
Sent: 2018-12-06 - 15:45
To: dnsop@ietf.org
Subject: [DNSOP] RFC 2136 pre-requisite checks before client authorization
checks
> Hi all
>
> Does anyone know why RFC 2136 sequences pre-requisite checks (secti
Possibly because signature verification is thought to be expensive?
On Thu, Dec 6, 2018 at 6:45 AM Mukund Sivaraman wrote:
> Hi all
>
> Does anyone know why RFC 2136 sequences pre-requisite checks (section
> 3.2) to be performed before client permission checks (section 3.3)? It
> seems weird to
Hi all
Does anyone know why RFC 2136 sequences pre-requisite checks (section
3.2) to be performed before client permission checks (section 3.3)? It
seems weird to sequence them in this way, especially as it is cheaper to
perform client IP address checks (and some zone permission checks)
earlier i
On 18:54 05/12, Viktor Dukhovni wrote:
> No idea why people would just "make up" (non-)random DS records for
> their domains, but for some reason some do. These made-up DS RRs
Could it be a bad (or nonexistent) validation in user input?
I've seen customers putting hostnames, google validation to
The 30th DNS-OARC Workshop will take place at the Shangri-La Hotel,
Bangkok, Thailand,
on May 12th and 13th 2019, hosted by ICANN.
(Note that several co-located meetings are taking place immediately prior to the
DNS-OARC Workshop, including the GDD Industry Summit, May 6th-9th, the
Registrations O
12 matches
Mail list logo
