Re: [DNSOP] the root is not special, everybody please stop obsessing over it

2019-02-15 Thread Paul Vixie
Tony Finch wrote on 2019-02-15 01:47: ... We have local stealth secondary copies of our zones on our recursive servers which helps to some extent, except when downstream validators want to get the chain of trust. But serve-stale should help. prefetching or leasing or rrset subscription is e

Re: [DNSOP] the root is not special, everybody please stop obsessing over it

2019-02-15 Thread Bob Harold
On Fri, Feb 15, 2019 at 4:59 AM Stephane Bortzmeyer wrote: > On Thu, Feb 14, 2019 at 01:57:14PM -0800, > Paul Vixie wrote > a message of 42 lines which said: > > > the fact that i have to hotwire my RDNS cache with local zone glue > > in order to reach my own servers when my comcast circuit is

Re: [DNSOP] the root is not special, everybody please stop obsessing over it

2019-02-15 Thread Stephane Bortzmeyer
On Thu, Feb 14, 2019 at 01:57:14PM -0800, Paul Vixie wrote a message of 42 lines which said: > the fact that i have to hotwire my RDNS cache with local zone glue > in order to reach my own servers when my comcast circuit is down or > i can't currently reach the .SU authorities to learn where V

Re: [DNSOP] the root is not special, everybody please stop obsessing over it

2019-02-15 Thread Tony Finch
Paul Vixie wrote: > unbound has pioneered a bit of this by automatically refetching data that's > near its expiration point. BIND also does this, it's on by default. I'm not a fan of RFC 7706 because I think it's redundant wrt prefetch (HAMMER), NXDOMAIN synthesis, and (to a much smaller extent

Re: [DNSOP] the root is not special, everybody please stop obsessing over it

2019-02-14 Thread David Conrad
Paul, On Feb 14, 2019, at 1:57 PM, Paul Vixie wrote: > 7706 is wrong headed on a number of levels, but its worst offense is to think > that the root zone is special. Operationally, the root zone actually is special. It is, after all, the starting point of the name space. As far as I can tell,

Re: [DNSOP] the root is not special, everybody please stop obsessing over it

2019-02-14 Thread Evan Hunt
On Thu, Feb 14, 2019 at 04:05:22PM -0800, Paul Vixie wrote: > nope. because it did not prototype any partial replication. i'm not > going to mirror COM because i need it to reach FARSIGHTSECURITY.COM. I didn't say anybody's going to mirror COM, I said I suspect zone mirroring will find application

Re: [DNSOP] the root is not special, everybody please stop obsessing over it

2019-02-14 Thread Paul Vixie
Grant Taylor wrote on 2019-02-14 18:27: Please explain how "warm storage" relates to priming issues. Does warm mean that it's something you have queried? Or does it also include pertinent (meta)data for interesting things (but not everything) that you've not yet queried? i don't expect any

Re: [DNSOP] the root is not special, everybody please stop obsessing over it

2019-02-14 Thread william manning
You are welcome. I think, modulo minor differences in terminology, we are saying pretty much the same thing. pragmatically, DNS infrastructure dependencies can not be maintained and work on data resiliency is where the useful work lies. /Wm On Thu, Feb 14, 2019 at 5:51 PM Paul Vixie wrote: > >

Re: [DNSOP] the root is not special, everybody please stop obsessing over it

2019-02-14 Thread Grant Taylor
On 2/14/19 6:51 PM, Paul Vixie wrote: i want the metadata i need to reach and trust assets on my side of any connectivity loss event, to be kept in warm storage, and made subject to trusted invalidation on an opportunistic basis, at the discretion of the authority operators who own the data i h

Re: [DNSOP] the root is not special, everybody please stop obsessing over it

2019-02-14 Thread Paul Vixie
william manning wrote on 2019-02-14 17:35: so, you would like the DNS to be resilient enough to "see" what was topologically reachable and build a connected graph of those assets? no. that's not possible, and not desirable in any case. I think that has been done, both academically and in a

Re: [DNSOP] the root is not special, everybody please stop obsessing over it

2019-02-14 Thread william manning
so, you would like the DNS to be resilient enough to "see" what was topologically reachable and build a connected graph of those assets? I think that has been done, both academically and in a more limited way, commercially, but it's not called DNS so as not to upset the DNS mafia. Or do you want s

Re: [DNSOP] the root is not special, everybody please stop obsessing over it

2019-02-14 Thread Paul Vixie
Evan Hunt wrote on 2019-02-14 15:56: On Thu, Feb 14, 2019 at 01:57:14PM -0800, Paul Vixie wrote: indeed nothing which treats the root zone as special is worth pursuing, since many other things besides the root zone are also needed for correct operation during network partition events. This

Re: [DNSOP] the root is not special, everybody please stop obsessing over it

2019-02-14 Thread Evan Hunt
On Thu, Feb 14, 2019 at 01:57:14PM -0800, Paul Vixie wrote: > indeed nothing which treats the root zone as special is worth pursuing, > since many other things besides the root zone are also needed for > correct operation during network partition events. This point is well taken, but sometimes t

Re: [DNSOP] the root is not special, everybody please stop obsessing over it

2019-02-14 Thread Evan Hunt
On Thu, Feb 14, 2019 at 01:57:14PM -0800, Paul Vixie wrote: > unbound has pioneered a bit of this by automatically refetching data > that's near its expiration point. [...] > _that_ would be complexity worth its cost. 7706 was not. HAMMER is not. I'm confused, what's the difference between HAMME

Re: [DNSOP] the root is not special, everybody please stop obsessing over it

2019-02-14 Thread Paul Vixie
Mark Andrews wrote on 2019-02-14 14:13: ... the fact that i have to hotwire my RDNS cache with local zone glue in order to reach my own servers when my comcast circuit is down or i can't currently reach the .SU authorities to learn where VIX.SU is, should not only concern, but also embarrass

Re: [DNSOP] the root is not special, everybody please stop obsessing over it

2019-02-14 Thread Mark Andrews
> On 15 Feb 2019, at 8:57 am, Paul Vixie wrote: > > 7706 is wrong headed on a number of levels, but its worst offense is to think > that the root zone is special. we need dns to have leases on its delegation > chain including glue and dnssec metadata. everything you might need to use in > or

[DNSOP] the root is not special, everybody please stop obsessing over it

2019-02-14 Thread Paul Vixie
7706 is wrong headed on a number of levels, but its worst offense is to think that the root zone is special. we need dns to have leases on its delegation chain including glue and dnssec metadata. everything you might need to use in order to reach a zone authority and trust its results should be