Re: [DNSOP] draft-zhang-dnsop-weak-trust-anchor.txt

2014-05-31 Thread Mark Andrews
be insane to disable TCP if you are serving a signed zone. Mark -- origin email -- From: Paul Wouters p...@nohats.ca Reply-To: To: zhanghai...@cnnic.cn zhanghai...@cnnic.cn Cc: dnsop dnsop@ietf.org Subject: Re: [DNSOP] draft-zhang-dnsop-weak-trust

Re: [DNSOP] draft-zhang-dnsop-weak-trust-anchor.txt

2014-05-31 Thread 张海阔
package, I think the end-user has the ability to decide to drop/accept it. thanks -- original email -- From: Matthäus Wander matthaeus.wan...@uni-due.de Reply-To: To: dnsop@ietf.org Subject: Re: [DNSOP] draft-zhang-dnsop-weak-trust-anchor.txt Date: Fri, 30 May

Re: [DNSOP] draft-zhang-dnsop-weak-trust-anchor.txt

2014-05-31 Thread 张海阔
@ietf.org Subject: Re: [DNSOP] draft-zhang-dnsop-weak-trust-anchor.txt Date: Sat, 31 May 2014 20:35:27 +1000 In message , 张海阔 writes: The TCP is an optional protocol for DNS query at the auth name server side, and is not mandatory, so not every DNS service will support TCP. so I

Re: [DNSOP] draft-zhang-dnsop-weak-trust-anchor.txt

2014-05-31 Thread Evan Hunt
If the verification fails, it should respond Bogus. If the resolver does not get enough data to do the verification, then the resolver which weak trust anchor should be response with insecure DNS package. it is up to end-user or netizens to decide what to do next. If the resolver didn't

Re: [DNSOP] draft-zhang-dnsop-weak-trust-anchor.txt

2014-05-31 Thread Paul Wouters
On Sat, 31 May 2014, 张海阔 wrote: I think it is the problem which came from UDP protocol. It maybe better if this problem can be handled in UDP protocol It appears you have a solution that is looking for a problem or an excuse to get deployed. Of course, all of problem which I mentioned in the

[DNSOP] draft-zhang-dnsop-weak-trust-anchor.txt

2014-05-30 Thread zhanghai...@cnnic.cn
Hi everybody here, A new version of I-D, draft-zhang-dnsop-weak-trust-anchor-00.txt has been successfully submitted and posted to the IETF repository. Name: draft-zhang-dnsop-weak-trust-anchor Revision: 00 Title: Weak Trust Anchor Introduction Document date:

Re: [DNSOP] draft-zhang-dnsop-weak-trust-anchor.txt

2014-05-30 Thread Matthäus Wander
Hi, Section 4: If the resolver was configured with a weak trust anchor and got nothing after sending a request with DO bit set, then it should clear DO bit in the EDNS0 in the query message and query again to the authoritative name server. So it could receive a normal DNS

Re: [DNSOP] draft-zhang-dnsop-weak-trust-anchor.txt

2014-05-30 Thread Mark Andrews
In message 5388821c.8000...@uni-due.de, Matthäus Wander writes: Hi, Section 4: If the resolver was configured with a weak trust anchor and got nothing after sending a request with DO bit set, then it should clear DO bit in the EDNS0 in the query message

Re: [DNSOP] draft-zhang-dnsop-weak-trust-anchor.txt

2014-05-30 Thread Paul Wouters
On Fri, 30 May 2014, zhanghai...@cnnic.cn wrote: Name: draft-zhang-dnsop-weak-trust-anchor URL:  http://www.ietf.org/internet-drafts/draft-zhang-dnsop-weak-trust-anchor-00.txt Status: https://datatracker.ietf.org/doc/draft-zhang-dnsop-weak-trust-anchor/ Htmlized: 

Re: [DNSOP] draft-zhang-dnsop-weak-trust-anchor.txt

2014-05-30 Thread Evan Hunt
On Fri, May 30, 2014 at 02:11:45PM -0400, Paul Wouters wrote: Note also that for this problem, there is already a commonly deployed solution at the application level that addresses this situation, such as https://www.nlnetlabs.nl/projects/dnssec-trigger/ which will inform the user the network