On 6/22/22 08:36, Brian Dickson wrote:
The whole point of the bootstrap mechanism is to onboard the /initial/ DS
record for a particular domain securely.
Once the initial DS is present, there is no further need for bootstrap.
For a single domain, the only purpose of doing what you propose fo
On 6/22/22 14:40, Paul Wouters wrote:
Unfortunately, the reverse zone is very often out of reach for those who use
the IP range and trying to do classless reverse delegation (RFC 2317) for those
who have less than a /24 is even harder to get.
That's exactly right, DNS operators will in many
On Jun 27, 2022, at 13:40, Peter Thomassen wrote:
> Thinking about it, perhaps there's no reason for normative language here. If
> others agree, please let me know and I'll change to lowercase "should".
If you are going to downgrade the requirement, MAY seems better than should,
perhaps couple
Hi Rubens,
On 6/22/22 05:29, rubensk=40nic...@dmarc.ietf.org wrote:
On 22 Jun 2022, at 00:07, John Levine <jo...@taugh.com> wrote:
In practice, I doubt that enough reverse zones are signed or that the
provisioning crudware that people use for reverse zones would work
often enough to be wor
Allowing the reverse zone method seems ok, but only if it is little extra
work, and does not hold up the rest. As has been said, users can usually
get a third-party NS record, and the Registrars usually have a manual
method to add the first DS record. This is a one-time event "per domain",
but on
Unfortunately, the reverse zone is very often out of reach for those who use the IP range and trying to do classless reverse delegation (RFC 2317) for those who have less than a /24 is even harder to get.
Paul
Sent using a virtual keyboard on a phone
On Jun 21, 2022, at 23:30, rubensk=40nic...@dmarc.
On Tue, Jun 21, 2022 at 7:51 PM wrote:
>
> Hi.
>
> During a meeting today of ROW (https://regiops.net), the I-D on CDS
> bootstrapping by using a DNSSEC-signed name at name server zone (
> https://datatracker.ietf.org/doc/draft-ietf-dnsop-dnssec-bootstrapping/)
> was discussed.
> In that discussi
As a point of information, all the parent zones (the /8 and /12 RIR
delegations in in-addr.arpa and ip6.arpa) are now signed. Or should
be. It is possible a couple of stand-out /8 holdings aren't but that's
resolvable at some pain.
The problem would be that for CDN hosting instances of DNS, the upl
> On 22 Jun 2022, at 00:07, John Levine wrote:
>
> It appears that said:
>> Hi.
>>
>> During a meeting today of ROW (https://regiops.net), the I-D on CDS
>> bootstrapping by using a DNSSEC-signed name at name server
>> zone
>> (https://datatracker.ietf.org/doc/draft-
It appears that said:
>Hi.
>
>During a meeting today of ROW (https://regiops.net), the I-D on CDS
>bootstrapping by using a DNSSEC-signed name at name server
>zone (https://datatracker.ietf.org/doc/draft-ietf-dnsop-dnssec-bootstrapping/)
>was discussed.
>In that discussion, it
Hi.
During a meeting today of ROW (https://regiops.net), the I-D on CDS
bootstrapping by using a DNSSEC-signed name at name server zone
(https://datatracker.ietf.org/doc/draft-ietf-dnsop-dnssec-bootstrapping/) was
discussed.
In that discussion, it was mentioned that the current draft only supp