Re: [dns-operations] Recently closed open resolver and reflection attacks

2013-03-07 Thread nudge
On Thu, Mar 7, 2013, at 09:29 AM, nudge wrote:
> On Wed, Mar 6, 2013 Vernon Schryver wrote:
> ...
> > I know of no way to use authentication on end user computers except
> > by something like installing a forwarding, caching DNS server on every
> > end user computer.
>
> What would be the effect

Re: [dns-operations] Recently closed open resolver and reflection attacks

2013-03-07 Thread Dobbins, Roland
On Mar 7, 2013, at 12:02 AM, Joe Abley wrote:
> I don't think this is a necessarily harmful approach.

It isn't harmful - on the contrary, it's beneficial, because it keeps out-of-bailiwick queries off the nameservers themselves in the first place. It is a BCP.

Re: [dns-operations] Recently closed open resolver and reflection attacks

2013-03-07 Thread Roy Arends
Thanks Mark, much appreciated!

Roy

On Mar 7, 2013, at 4:28 PM, Mark Andrews wrote:
> In message , Roy Arends writes:
>> [1] BIND responds with SERVFAIL to a query where the QNAME is longer than 255 bytes. When all the servers for a domain are BIND, this often leads to a burst of requ

Re: [dns-operations] Recently closed open resolver and reflection attacks

2013-03-07 Thread Mark Andrews
In message , Roy Arends writes:
> [1] BIND responds with SERVFAIL to a query where the QNAME is longer than 255 bytes. When all the servers for a domain are BIND, this often leads to a burst of requests, striped over all the authoritative servers for that domain. Naturally, a resolver sho

Re: [dns-operations] Recently closed open resolver and reflection attacks

2013-03-07 Thread Roy Arends
On Mar 7, 2013, at 7:06 AM, Edward Lewis wrote:
>
> On Mar 6, 2013, at 20:33, Paul Vixie wrote:
>> if the authority server in question is configured to be a primary or secondary server for a zone which is at or above the qname, then the correct answer is either authoritative-positive, au

[dns-operations] DNS OARC Spring 2013 Workshop - Dublin, 12th/13th May

2013-03-07 Thread Keith Mitchell
OARC's 2013 Spring Workshop will be held on Sunday 12th, and the morning of Monday 13th May 2013, in Dublin, Ireland, at the same location as, and immediately prior to, the RIPE66 meeting.

Call for Presentations
---

We are soliciting presentations in all areas of DNS-OARC's "Ope

Re: [dns-operations] Recently closed open resolver and reflection attacks

2013-03-07 Thread Vernon Schryver
> From: Edward Lewis

> We chose SERVFAIL instead of REFUSED for that - in the sense that the service failed by sending the querier to the wrong place. I don't think either is better than the other, just saying this because it's not always clear what's the right RCODE.

It seems at be

Re: [dns-operations] Recently closed open resolver and reflection attacks

2013-03-07 Thread Edward Lewis
On Mar 6, 2013, at 20:33, Paul Vixie wrote:
> if the authority server in question is configured to be a primary or secondary server for a zone which is at or above the qname, then the correct answer is either authoritative-positive, authoritative-negative, or servfail.

Or a non-authoritativ

Re: [dns-operations] Recently closed open resolver and reflection attacks

2013-03-07 Thread nudge
On Wed, Mar 6, 2013 Vernon Schryver wrote:
...
> A few recursive servers such as those at 8.8.8.8 apparently want to attract requests from the whole Internet. I agree that most recursive servers should know their client bases by IP address or authenticating token, but in practice that has pr