In message <>, George Michaels
on writes:
> On 21/02/2013, at 6:46 AM, Mark Andrews <> wrote:
> > 
> > While I think we should adopt the document I have grave concerns
> > about it.
> > 
> > * there is no demonstrated need for it.
> thats opinion, not fact Mark. 'demonstrated need' stems from other 
> people's desires.
> >
> you might as well come out and say you think AS112 has no demonstrated 
> need, as say this draft has no role in administration of AS112.
> I tend to another opinion. I think this draft identifies a sensible path 
> to making AS112 servers respond the way we want.
> > * it is likely to interact badly with validating resolvers especially
> >  when there are lots of labels in the qname below the delegation to
> >  these servers.
> AS112 is designed to offer a quick termination of query hunting to a 
> non-value.
> Can you explain how this fails to be satisfied by a wildcard response, 
> when we are seeking to divert a query WHICH CANNOT BE ANSWERED IN THE 
> WIDER NET to a 'not' answer? 

It's not a wild card response.
> the internal side of anyone who has valid delegation of a domain which =
> has hit an AS112 can have as much DNSSEC as they want. its everyone =
> else, who sees the sideblow queries who needs this.

It's the impact on those that are validating but don't have default
local zones of equivalent.

There a 30 delegations between and the full reverse
of a ULA under this proposal.  Hunting for missing DS records will
hit every one of them.

> I am probably being thick. can you do an illustrative instance of what 
> you mean here?
> > * it changes the response from NXDOMAIN to NOERROR NODATA.
> And why is that "wrong" ? I dont understand what you see as the outcomes. 
> more query? bad DNS? load?

For much the same reason that *.COM was bad.  You *will* break things
that you are unaware of.
> > If we have to build special servers can't they periodically transfer
> > a list of zones they need to serve rather than return what is
> > essentially the wrong answer?
> the back-end administration has proved fraught.
> btw, I continue to collect data on the volume of ULA, link-local, teredo 
> traffic in reverse, and it continues to grow..

And the traffic stats are where?
The analysis of the recursive servers that are sending this traffic is where?
Vendor, version, isp.
Is it worth adding the terado prefix to locally served zones registry?

> -George
> > 
> > Mark
> > -- 
> > Mark Andrews, ISC
> > 1 Seymour St., Dundas Valley, NSW 2117, Australia
> > PHONE: +61 2 9871 4742                 INTERNET:
> > _______________________________________________
> > DNSOP mailing list
> >
> >

Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET:
DNSOP mailing list

Reply via email to