Eric Vyncke \(evyncke\) writes:
> Redirecting to DNSOP@ietf.org, which is a more suitable place than the
> concluded dnsext WG.
I dunno what my standing is in this whole thing, but would like to
observe that when it went by in dnsext I thought to myself, "Yes, this
should be accepted."
> Reported
I anticipate that Ralf Weber will be chiming in, but if your issue is
that Akamai authorities don't seem to be giving you ECS-mapped answers
despite a valid ECS option, this is expected if you don't have an
agreement with them.
Akamai doesn't (or at least didn't, for a long time) allow ECS options
Victor Zhou writes:
> It's extremely hard, however, to show the world that some new RR Type = N has
> been used by many services and clients for a specific use case and in a
> certain
> way. That's why we are intending to come up with a way to show early adoption,
> begin early adoption, and then
Shumon Huque writes:
> Section 8, para 4: Is there a reference for the 'so-called Water Torture
> attacks'? As a native English speaker, I know what that means, but it
> isn't
> clear to me that others will understand.
>
> Let me see if I can find one. I did request a reference f
John Levine:
> But this is a span of hashes. If you don't have the whole zone hashed,
> how are you going to find the span? If you do have the whole zone hashed,
> that doesn't sound like on-line signing.
There are definitely online-signing implementations where the names
are easy en
I would like to see the Generalized Notify document proceed.
___
DNSOP mailing list -- dnsop@ietf.org
To unsubscribe send an email to dnsop-le...@ietf.org
Stephane Bortzmeyer writes:
> So, when a responder knows both version 0 and some higher version (say,
> version 1), can it reply to a EDNS=0 query with a EDNS=1 response? Can
> we use that for greasing?
I agree with your reading. 6.1.3 seems quite clear that request = 0
and response = 0-255 is le
David Dong via RT writes:
> As a designated expert for the Service Parameter Keys (SvcParamKeys)
> registry, can you review the proposed registration modification in
> draft-ietf-tls-svcb-ech-06 for us? Please note that Benjamin
> Schwartz is a co-author on this document.
Yes, the request is rev
Warren Kumari writes:
> Robert, if you'd like to propose standardizing SHA-512 for use in DS
> records please propose this in an Internet Draft — there is a
> helpful page here:
> https://authors.ietf.org/en/home
And if you do, note that next unassigned algorithm value is 7, not 5.
5 is GOST R 34
Distribution trimmed down to just dnsop, where the question is most
pertinent.
Paul Wouters writes:
> Of course even better is using RFC 7901 Chain Query and run the few
> signature validations yourself.
Related, is there any notable software out there that does 7901? I
started implementing it i
I have read the most recent version of the document and am strongly in
favor of its publication as a proposed standard. I want my NXDOMAINs
back.
I have little substantive feedback on the text, mostly personal
editorial preferences that are not worth fussing about.
That said, is "lexicographic s
Suzanne Woolf writes:
> This message starts a Call for Adoption for "Greasing Protocol
> Extension Points in the DNS" (see
> https://datatracker.ietf.org/doc/draft-huque-dnsop-grease/)
Please adopt the draft as a wg doc.
___
DNSOP mailing list -- dnsop
Joe Abley writes:
> > Would it be recommended to do a proposal that use either RRtype
> > (TXT or WALLET) or choose one?
>
> I haven't read your proposal and don't have an opinion on that. I
> agree that it sounds like a good question for you to ask yourself.
You don't have an opinion on using
--- Begin Message ---
Peter Thomassen writes:
> I still disagree with the characterization of NXDOMAIN as a
> resolution error. That's like characterizing a red street light as a
> driving error.
Just got back from PTO so apologies for the lag. I wanted to heartily
agree with this comment from P
Hello, per this:
> ===> Script "configure" failed unexpectedly.
> Please report the problem to k...@freebsd.org [maintainer] and attach
> the "/usr/ports/devel/cmake-core/work/cmake-3.30.2/config.log" ...
I would attach a config.log but there is none in that directory.
Attached is the errors le
--- Begin Message ---
Do the question in the subject, we really can't tell whether it was
"DNS pollution" or not. Maybe?
It's not what either the daum.net servers nor the resolver that you
used (208.67.222.222, Cisco's Umbrella as you mentioned) are currently
responding.
Currently they are respo
Wessels, Duane writes:
> I’m not sure about this. Since every zone will have a SOA record,
> and every SOA record will have a serial value, I suppose the question
> becomes whether or not a serial number is “meaningful”. I don’t know
> how a name server would determine meaningfulness.
When I f
Jim Reid writes:
> IMO documenting the trade-offs in response sizes could be a better
> option. ie if the response > X, it breaks foo; if it’s > Y it breaks
> bar.
I agree with the approach of limiting discussion of limits to
recommendations. I am not a fan of enforcing lower limits in the wire
Paul Vixie writes:
> somebody asked me a few months ago why "it's always dns"? meaning,
> why are so many mysteries and outages ultimately traced down to
> something broken in dns?
Personally, even despite having the relevant haiku as my desktop
background, I push back on this when it rears its h
Ray Bellis writes:
> I get the impression with DELEG on the horizon that there's a shift
> towards the parent side data being considered more "authoritative" even
> though in protocol terms it explicitly isn't.
Yes and no; there's a bit of nuance to ferret out here. This is part
of the original
Willem Toorop writes:
> Should RFC 8767 stale data be ranked differently than fresh data?
> Should EDNS Client Subnet play into ranking?
>
> I like your thinking! Yes, fresh data should replace stale data in
> resolver caches
It's basically A- in your draft's hierarchy, I think, though th
Shumon Huque writes:
> The draft allows (but does not proscribe) NXDOMAIN to be inserted
> into the Rcode for non DNSSEC enabled responses. I guess the main
> reason for not being proscriptive was what I mentioned - there were
> deployments in the field that didn't. But I'm amenable to tightening
>
Shumon Huque writes:
> I've been told the other way is confusing too - we get a different response
> depending on the value of the DO flag. Since it isn't clear to me which way
> is the least worse, I'm fine with leaving the text as is.
Of course, we already get different responses depending on wh
Stephane Bortzmeyer writes:
> > One current implementation does not differentiate DO=0 vs 1 and gives the
> > same NODATA answer for both cases.
>
> Yes. I see no practical problem with that but, from a philosophical
> point of view, it disturbs me. Naive clients may make wrong
> conclusions from
Mark Andrews writes:
> Ed, your reasoning is off. The point of forbidding is to allow the
> validator to safely stop as soon as possible when it is under
> attack.
Uh? Why can't any DNS server safely stop as soon as possible when it
is under attack?
Count me in the "we don't need a protocol cha
Welcome to the December and January edition of the Engineering
Effectiveness Newsletter! The Engineering Effectiveness org makes it easy
to develop, test and release Mozilla software at scale. See below for some
highlights, then read on for more detailed info!
Highlights
-
Moz
Edward Lewis writes:
> Is there going to be an assumed "standard set" of keywords?
Yes. Currently it specifies using the Service Parameter Keys
registry:
https://www.iana.org/assignments/dns-svcb/dns-svcb.xhtml
> (And a defined manner to know how to deal with
> unknown-to-the-receiver keywords.
Philip Homburg writes:
> DNSSEC has a lot of moving parts that needed to be in place compared
> to DoH.
Yes, certainly there are many differences between the two, some of
which speak to the challenges of DELEG when looked at through the lens
of DNSSEC. The core point was that motivation as a fact
Paul Wouters writes:
> I tried to show some of of these in my "Costs of deleg" slide.
> A new RRtype has a fairly big cost meassures in years, both in
> terms of DNS software, DNS deployment and worse, in Registrar
> deployment for Registrant webui elements.
Unfortunately, I know of no good way to
Edward Lewis writes:
> The impact on the registration system wasn’t raised at the table.
Not entirely true. We did recognize that there'd need to be an EPP
draft too.
___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
Mark Andrews writes:
> It’s a couple of lines of code in a nameserver to support QCOUNT=0.
> It will take more time debating this than it took to implement
> support for QCOUNT=0.
Miek Gieben writes:
> yes, please, the amount of code that duplicates checks for
> QDCOUNT!=1 is staggering, and that
> > in responses where there client didn't even use EDNS. 6891 permits
> > this,
>
> RFC6891 explicitly forbids this with a MUST NOT.
Ugh, you know, this is exactly what I told you in the hall yesterday
but then I actually went and looked when I was writing my last reply.
I wanted to emphasize a
Roy Arends writes:
> > Is this a novel risk presented by the proposal? Any more than, say, a
> > random subdomain attack targeted directly at the agent domain?
>
> Nope, not a novel risk, but it was added at the request of some
> security focused folk.
Fair enough, but out of your own self-int
Roy Arends via dnsdir writes:
> Why would you, as an implementor, guess?
Because you've only said only "responses", and then also provided a
document that largely talked about DNSSEC as examples. Clarifying
that is not intended only for DNSSEC reporting would be great.
If you really mean "all r
One last bit of wondering I have is about this paragraph from Security
Considerations:
"This method can be abused by intentionally deploying broken zones
with agent domains that are delegated to victims. This is
particularly effective when DNS requests that trigger error
messages are sent thro
Hello,
There's still one case where the "Show All"/"Show Range..." button in the
Log window does the wrong thing. For example, if you open two Log windows
that have the "Show All" button, but change one of them to "Show Range",
the second dialog will do the Show Range action even though its button
Dan McCombs via dns-operations writes:
> Ah, yes, so in this case the addresses given back when no edns
> subnet is provided are the addresses of servers in eu-west, whereas
> with the resolver's own IP (or /24 subnet, or the subnet of clients
> querying it) as the edns subnet gets more expected us
Peter DeVries via dns-operations writes:
> Another relevant draft:
> https://datatracker.ietf.org/doc/html/rfc8906
>
> Not sure how, it doesn't address _. as a use case at all and I only
> see testing for minimal EDNS not minimal qname.
The journey of that document was with, essentially, N
Peter DeVries via dns-operations writes:
> We almost blocked these because we didn't know what they were but then
> I stumbled upon one of the old RFC drafts for query minimization and
> it does mention this as a technique.
Why would you drop them if you had not stumbled on the old draft?
It is v
In the Log window, if you click "Show All" or "Show Range...", it does the
opposite action until you select an action from the submenu. The registry
is storing 1 or 2, but the initialization code is looking for 0 or 1 so
it's initializing the button with the wrong text.
--
You received this messa
One last change I'm making in our internal build of Tortoise SVN, if you
want it for the public release...
If the webviewer::revision property is set, copy revisions from the Log
dialog as clickable hyperlinks for applications that accept the CF_HTML
clipboard format like email, Slack, Jira, etc.
On Monday, February 13, 2023 at 8:35:41 PM UTC+1 Dave Lawrence wrote:
> Dang, after decades of using Tortoise I, just realized there are extra
> menu items when you hold down shift! How about we add this new command
> right after Show Log with the ITEMIS_EXTENDED flag? That would m
It looks like r29525 changes the behavior of Ctrl-Shift-C, which currently
copies the log without changed paths (done in the else statement.) I didn't
want to remove that behavior so I was adding separate hotkeys.
Here's what was missing from the patch if you want to try it again...
In resource.h
Add accelerators to the log window to copy revisions to the clipboard:
Alt-Ctrl-C or Ctrl-R.
Note, as far as I can tell, this code is obsolete so I removed it:
void CLogDlg::CopySelectionToClipBoard() const
{
if ((GetKeyState(VK_CONTROL) & 0x8000) && ((GetKeyState(L'C') & 0x8000)
== 0) &&
While I can see why you want such a feature, I think it's really not worth
adding yet another entry to the already very crowded context menu.
Also I don't quite see the reason to pop up a dialog asking for a revision
number. Wouldn't it be enough to just show the log for the repo root? You
can t
sitoryRoot(cmdLinePath) the right way to get the root
path from an arbitrary path passed on the command line?
Thanks!
Dave Lawrence
--
You received this message because you are subscribed to the Google Groups
"TortoiseSVN" group.
To unsubscribe from this group and stop receiving
Welcome to the October and November edition of the Engineering
Effectiveness Newsletter! The Engineering Effectiveness org makes it easy
to develop, test and release Mozilla software at scale. See below for some
highlights, then read on for more detailed info!
Highlights
-
Zei
Dave Lawrence writes:
> It helps us avoid that awkward period at the start of the
> meeting where chairs tearfully beg
Seriously, it's not a good look. I'm an ugly crier.
Having gotten no email replies, I'm now holding out hope that someone
will arrive in the room and quic
It would be wonderful if we could have volunteers in advance for a
scribe, and ideally a backup scribe, for tomorrow's joint add/dprive
session. It helps us avoid that awkward period at the start of the
meeting where chairs tearfully beg whilst the assembled masses avert
their eyes and look busy w
Puneet Sood writes:
> Jaap up-thread used fpdns to figure out the first question.
> fingerprint (e.ns.email.sonyentertainmentnetwork.com, 207.251.96.133): DJ
> Bernstein TinyDNS 1.05 [Old Rules]
Subtle correction: to figure out one possible answer to the first question.
___
Greg Choules via dns-operations writes:
> I am including in this mail the RNAME from the SOA (same for both
> zones) in the hope that someone who is responsible for DNS at Sony
> entertainment will see this and take note.
And tell us what in the world DNS software they're running, and why
they cho
I am not in favour of yet another change to DNSSEC bits without a much
larger demonstration of value than what this proposal has. It's not
that I think this one has no value, I just think that the bulk of its
value is achievable via other mechanisms.
While it is true that there could be more user
I'm in favour of working group adoption for this draft. It provides
important clarifications for the interaction of DANE and SVCB.
___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
> ARIN controls the root servers for this region do they not.
> Without the root servers nothing gets routed.
Wait, what?
___
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net
--- Begin Message ---
Vix said:
> https://www.icann.org/en/system/files/files/sac-053-en.pdf
Yep, thanks for bringing it up. Genuinely appreciated.
I'm aware "SSAC also recommends that the use of DNS resource records
such as A, , and MX in the apex of a TopLevel Domain (TLD) be
contractually
Viktor Dukhovni writes:
> Single label names passed to getaddrinfo(3) should not result in single
> label "A" or "" DNS queries.
http://ai./
Admittedly a rarity, and in general problematic in other contexts. My
own corporate VPN won't even allow a proper DNS lookup of it (or any
address look
Dave Lawrence via dns-operations writes:
> I accept that the only way to really capture
> all of these queries into the global DNS is via a delegation,
Brian Dickson reminded me of his CNAME proposal earlier in the thread,
and I think that is also an approach worth further investi
Welcome to the May edition of the Engineering Effectiveness Newsletter! The
Engineering Effectiveness org makes it easy to develop, test and release
Mozilla software at scale. See below for some highlights, then read on for
more detailed info!
Highlights
-
Welcome to Graham w
--- Begin Message ---
Vladimír Čunát writes:
> If the root zone is unchanged, many names could be hidden before
> reaching root servers - by DNSSEC aggressive caching and/or various
> local-root variants. (I'm not sure if we can well measure the extent to
> which this happens.)
That's an inter
John R Levine writes:
> Unfortunately, now we've circled back to where we started. Remember that
> the NC in NCAP stands for Name Collision, and the whole point of the
> project is to figure out how risky it is to add familiar looking new
> names.
I seem to be exceptionally derpy right now, bu
Edward Lewis writes:
> >Unrelated, or just less correlated than you might otherwise imagine?
>
> Unrelated.
>
> I'd studied an event which made it apparent that resolvers vastly
> ignored the long TTLs in play. At the time I learned that two
> popular strains of resolver code had an "interna
Edward Lewis writes:
> I once did some work [that could not be made public] where I began
> to suspect that the two were unrelated.
Unrelated, or just less correlated than you might otherwise imagine?
--
To unsubscribe from this mailing list, get a password reminder, or change your
subscripti
dow if it isn't already included in the existing list of revisions.
Besides bypassing the bug, this will make the behavior consistent whether
the revision is cached or not.
Thanks!
Dave Lawrence
--
You received this message because you are subscribed to the Google Groups
"TortoiseSVN&qu
Anand Buddhdev writes:
> We propose to lower, in the first quarter of 2022, the TTL on NS records
> to 86400 and on DS records to 3600.
I am in favor of this change. I'd also like if the change was
accompanied by measurements of the effect on the relevant
authoritative nameservers to determine w
Michael Sinatra writes:
> I was dead in the water with slack, and upon issuing an 'rndc flush
> slack.com' to my home DNS resolver, and then doing same to $dayjob (for
> those using our VPN), everything cleared up. I'll let everyone here
> draw inferences.
No inferences needed; that was the ri
Shreyas Zare writes:
> And all of the 3 CNAME records are within the zone cut for the
> received SOA. To make the resolver work with this issue, the
> negative cache implementation had to be removed for CNAMEs with
> NXDOMAIN case.
To be clear, and this could well be something that community was
Viktor Dukhovni writes:
> Well, in this particular case queryes with rtype DS for "cfe.uber.com"
> do get NXDOMAIN, while queries of type NS do not.
Ooh my bad. Yeah, that's hard broken. I can guess at the code
path that is causing this set of symptoms, and expect that at least
that until the
Paul Vixie writes:
> On Sun, Aug 08, 2021 at 03:20:24PM +0530, Shreyas Zare wrote:
> > ... The resolver I have does restart for the last CNAME regardless
> > of the RCODE but, the negative cache implementation based on RFC2308 and
> > RFC8020 caused the NXDOMAIN response to get cached causing the i
I agree with Viktor that the parent should have delegation records for
the same-server child, but note that response with the rcode NXDOMAIN
for a CNAME chain shouldn't be causing a problem for a modern
resolver. A resolver should restart query processing with the target
of each CNAME in the chain
Stephane Bortzmeyer writes:
> Clearly Akamai Edge. They acknowledged it on their status site "a
> software configuration update triggered a bug in the DNS system, the
> system that directs browsers to websites. This caused a disruption
> impacting availability of some customer websites."
When we D
Klaus Darilion writes:
> Are there any tools (bash, php ...) which accepts single
> RRSIG RR and single DNSKEY RR and does the validation?
dnsviz can be run on the command line for pre-delegation testing,
using staged DNSSEC data as necessary.
https://github.com/dnsviz/dnsviz
https://indico.dns
Tony Finch writes:
> > So, what are people's favorite tools, especially those that you can just
> > point a user at?
>
> I wouldn't point a user at any of these unless I think they have a good
> amount of DNS expertise :-)
Indeed. I recently had to field a complaint that invoked an analysis
by h
Our friend and colleague Dan Kaminsky has passed away of complications
from diabetes. He was the discoverer/inventor of the DNS
vulnerability that came to bear his name, the ability to take over
whole swaths of domains much more easily than had previously been
thought possible.
Announcement from
Paul Vixie writes:
> do you know for a fact that someone who argued the GDPR case was in
> fact carrying water for verisign?
No, I don't. To be clear that is not what I was asserting. "Carrying
water" has a derogatory connotation that has never been in my mind
about this whole thing, either then
To me, Andrew's retelling of the facts but for the emphasis.
There's stated reasons, then there's the motivating reasons. GDPR was
useful in making the argument, but Verisign and the pain of .com were
the real motivation.
___
dns-operations mailing list
A few recent analyses I've done at DNSViz have had warnings like
these:
com/DS (alg 8, id 30909): The server appears to support DNS
cookies but did not return a COOKIE option. (192.5.5.241,
UDP_-_EDNS0_4096_D_KN)
Now I realize that F-Root is a large, heterogeneous set. Any idea
which
I'm not really following your logic, Andrew (or Mark), for how
applying IDNA rules is relevant to interpreting the labels in
question.
Yes, I read your cited text from RFC 5890, but still am not grokking
how it is relevant for dig choking on -.house.gov just because IDN
output is enabled. It seem
Paul Hoffman writes:
> I started this thread with:
>dig +dnssec +noidnout anynameyouwant.house.gov a
> Try that without the +noidnout option.
Interesting. FWIW at first I saw no problem, because my MacBook has
an older version of dig in /usr/bin. On my server with 9.16.10,
though, the proble
Paul Hoffman writes:
> I am using tools that expect host names instead of domain names (in
> this case, dig);
I think I must be misunderstanding something, or at least haven't
imagined widely enough the possibilities of your meaning here. dig
has a particular expectation for hostnames either owni
Thanks for the work on this, Stephane, Ralph, and Paul.
Could you please clarify explicitly what should happen in the case of
encountering CNAMEs? Or DNAMEs?
The way I read it, at least for CNAMEs, is that you just keep
prepending labels to the ANCESTOR name so encountering the CNAME is in
pract
the following changes have been pushed to bugzilla.mozilla.org:
(tag: https://github.com/mozilla-bteam/bmo/tree/release-20201014.1)
https://bugzil.la/1669330 : Should not be possible to override bug
type requirement when submitting a bug using
APIhttps://bugzil.la/1665646 : Make it clear when a bu
Peter van Dijk writes:
> Apparently the trailing dot "thing" never hits the wire?
> That is correct. The DNS protocol has no concept of a trailing dot being
> present or not.
Or to put it another way, language is tricky and I'd say that DNS on
the wire always has a trailing dot and has no con
Stephane Bortzmeyer writes:
> P Vixie wrote
> > you know that the plural of anecdote isn't data:
>
> I recently discovered this english word and I love it:
> https://en.wiktionary.org/wiki/anecdata
And one link more of relevance:
http://blog.danwin.com/don-t-forget-the-plural-of-anecdote-is-d
https://bugs.kde.org/show_bug.cgi?id=425214
Dave Lawrence changed:
What|Removed |Added
Status|REPORTED|RESOLVED
Resolution
https://bugs.kde.org/show_bug.cgi?id=425214
Bug ID: 425214
Summary: running krdc resets KDE's "global scaling" to 100%
Product: krdc
Version: 19.12
Platform: Ubuntu Packages
OS: Linux
Status: REPORTED
Seve
Kim Davies writes:
> Nothing in this proposal prejudices changes to how the KSK for the
> "arpa" zone may evolve in the future. I would suggest any effort
> to define new baseline requirements for the "arpa" KSK be handled
> separately as they are distinct from the objective of this draft. The
> go
Viktor Dukhovni writes:
> Interesting. I would have expected the RDATA to just be opaque bytes
> when stored, and the server to return what ever it had, e.g.:
>
> _25._tcp.smtp.example.com. IN TLSA #2 0001
> _25._tcp.smtp.example.com. IN RRSIG TLSA ...
>
> and let the client deal with ma
Brian Somers writes:
> Heh, mail.protection.outlook.com has consumed many hours of my time
> in the past month :(
The actual MTA itself is a bit vexsome, as well. I've had a message
stuck in queue for several days now because "lost connection ... while
sending message body".
Even thought the m
I support adoption, with the caveat that either the draft name should
be updated with something like s/powerbind/delegation-only-dnssec/, or
the draft should describe why it is being called "powerbind".
___
DNSOP mailing list
DNSOP@ietf.org
https://www.i
the following changes have been pushed to bugzilla.mozilla.org:
(tag: https://github.com/mozilla-bteam/bmo/tree/release-20200416.2)
https://bugzil.la/1622311 : For security bugs, link the security issue
banner to
https://wiki.mozilla.org/Security/Bug_Approval_Processhttps://bugzil.la/1626543
: So
Calvin Browne writes:
> does anyone here know how 8.8.8.8 handles recursive glueless situations?
The Google folks are on the list and undoubtedly will answer, but I'm
still curious about what even prompts the question.
If it's actually missing glue -- NS records that are under the
delegation poin
Ángel writes:
> I have seen the opposite problem than the op, servers returning NXDOMAIN
> when there are actually child records, and they should have returned
> NODATA, such as querying _domainkeys.
Right, this is absolutely a problem too, with the practical
consequence that it thwarts qname mini
Wesley Peng writes:
> My question is about their implementation.
> Does it mean any domain ending with .idk went to an interface, this
> interface queried the domain part before .idk from wikipedia, then
> returned a URL redirection to some other website?
Pretty much yes. They take the page th
Matthew Richardson writes:
> However, is this going to cause any practical problems?
Even outside DNSSEC, where it absolutely would be a problem, there are
some context for specialty applications where the difference between
the two types of negative answers is meaningful. The examples I can
thin
Denesh wrote:
>> Interestingly enough, the Super 7 - part of the IAO - who ensured
>> web addresses were real... were the main topic in the episode Ill
>> Tidings of Sherlock inspired US TV show Elementary .. I think it was
>> around 4 years ago.
I'm surprised I never heard of it at the time.
ht
Grant Taylor via dns-operations writes:
> I fail to see how any government would prevent the necessary parties
> from attending if / when they fully understand the need. Especially
> when some of said governments have directives ~> mandates for use of DNSSEC.
It could turn into a real-life mov
Who from the community is at eNom these days? Looking for a higher
level operations contact. Thanks.
___
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
Florian Weimer writes:
> How would a DoH client know that the recursive resolver is “forbidden
> to forward” ECS data?
It doesn't know clearly. All it knows is that if it gets REFUSED when
it sends a prefix outside its own address space, then something was
wrong. If that then succeeds it can onl
Dave Lawrence added the comment:
traced to be a duplicate of https://bugs.python.org/issue28267
--
resolution: -> not a bug
stage: -> resolved
status: open -> closed
___
Python tracker
<https://bugs.python.or
Dave Lawrence added the comment:
by redefinining the Py_DECREF macro in my application:
#define Py_DECREF(op) do { if (--op->ob_refcnt == 0) fprintf(stderr, "DECREF
%s %d %p %d %s %p\n", __FILE__, __LINE__, op, Py_SIZE(op),
Py_TYPE(op)->tp_name,Py_TYPE(op)->tp_deallo
1 - 100 of 278 matches
Mail list logo
