Re: [DNSOP] Fwd: New Version Notification for draft-bellis-dnsop-xpf-00.txt

2017-01-06 Thread Ray Bellis
On 06/01/2017 18:43, Wessels, Duane wrote:
> Hi Ray,
>
> The idea of "X-Forwarded-For" for DNS makes me nervous, but it is
> probably inevitable.
>
> It is of course quite similar to EDNS client subnet, except that
> there is no masking and the client cannot opt-out. Might be worth
> saying in

Re: [DNSOP] Fwd: New Version Notification for draft-bellis-dnsop-xpf-00.txt

2017-01-06 Thread Evan Hunt
On Fri, Jan 06, 2017 at 06:43:30PM +, Wessels, Duane wrote:
> When a server receives the option from a non-whitelisted client, it
> MUST return a FORMERR response.

+1

--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.

Re: [DNSOP] Fwd: New Version Notification for draft-bellis-dnsop-xpf-00.txt

2017-01-06 Thread Warren Kumari
For folk wondering what Ray is referring to below, I posted this to the DPRIVE (dns-privacy@) list last night. I was originally going to CC dnsop@ but cross-posting leads to many "your message could not be delivered, you aren't subscribed" errors. The obvious, bestest solution would just be for

Re: [DNSOP] Fwd: New Version Notification for draft-bellis-dnsop-xpf-00.txt

2017-01-06 Thread Wessels, Duane
> On Jan 6, 2017, at 6:49 AM, Ray Bellis wrote:
>
> Spurred on by Warren's announcement of a Docker image that uses NGINX to
> proxy TLS connections into DNS servers that don't natively support TLS,
> I've just written up this short draft describing an EDNS0 option that
> allows

Re: [DNSOP] Fwd: New Version Notification for draft-bellis-dnsop-xpf-00.txt

2017-01-06 Thread Ray Bellis
On 06/01/2017 18:01, Robert Edmonds wrote:
> It can be rev'd in the same document that introduces a DNS address RR
> for that address family :-)

Fair enough! I'll rely on you to remind me when the time comes ;-)

Ray

Re: [DNSOP] Fwd: New Version Notification for draft-bellis-dnsop-xpf-00.txt

2017-01-06 Thread Robert Edmonds
Ray Bellis wrote:
> Yes, that seems like a reasonable suggestion, although it would be a
> shame to have to rev the doc if another IP version should even happen to
> be introduced in the future...

It can be rev'd in the same document that introduces a DNS address RR for that address family :-)

Re: [DNSOP] Fwd: New Version Notification for draft-bellis-dnsop-xpf-00.txt

2017-01-06 Thread Ray Bellis
On 06/01/2017 17:28, Robert Edmonds wrote:
> Hi, Ray:
>
> The values used by the "IP Version" field should be specified:
>
>    IP Version: The IP protocol version number used by the client.
>
> Since the field is 4 bits long I would guess this field happens to be
> the same as the version

Re: [DNSOP] Fwd: New Version Notification for draft-bellis-dnsop-xpf-00.txt

2017-01-06 Thread Robert Edmonds
Ray Bellis wrote:
> Spurred on by Warren's announcement of a Docker image that uses NGINX to
> proxy TLS connections into DNS servers that don't natively support TLS,
> I've just written up this short draft describing an EDNS0 option that
> allows smart proxies to tell the backend server what the

[DNSOP] Fwd: New Version Notification for draft-bellis-dnsop-xpf-00.txt

2017-01-06 Thread Ray Bellis
Spurred on by Warren's announcement of a Docker image that uses NGINX to proxy TLS connections into DNS servers that don't natively support TLS, I've just written up this short draft describing an EDNS0 option that allows smart proxies to tell the backend server what the original client IP address