On Apr 3, 2014, at 3:38 PM, bert hubert wrote:
> We hear from many operators that this has successfully mitigated the impact
> of this DoS both on them and on the target.
This is an interesting feature, but there are a couple of other considerations:
1. This attack traffic is in many cas
[Warning: sloppy terminology, for instance, "root" is not used in the
usual DNS meaning.]
http://blog.cloudflare.com/introducing-cname-flattening-rfc-compliant-cnames-at-a-domains-root
Funny idea but it works only if your DNS is hosted at CloudFlare.
I was not able to find a real example: all th
On 04-04-14 11:20, Stephane Bortzmeyer wrote:
>
> http://blog.cloudflare.com/introducing-cname-flattening-rfc-compliant-cnames-at-a-domains-root
>
> Funny idea
Indeed.
Until you want to use DNSSEC.
--
Marco
smime.p7s
Description: S/MIME Cryptographic Signature
__
On Apr 4, 2014, at 4:13 PM, Dobbins, Roland wrote:
> If customers are running older resolver code which sources queries from
> UDP/53, then this ACL will cause problems for them; utilizing flow telemetry
> to determine the likelihood of these corner-cases arising is very important,
> along wi
While CloudFlare did not give any credit to previous work done (which sort
of pisses me off, but whatever), they are essentially implementing the same
thing that Amazon did with their ALIAS implementation, the same thing that
we did with the DNSimple ALIAS implementation, and the same thing that
DN
Or one can add SRV or some other record that does the name
to server mapping and not have to do all this behind the
scenes stuff.
It's not like MX records didn't exist when the web was
created or that we weren't adding new records to the DNS.
Indir
>From: dns-operations-boun...@mail.dns-oarc.net ...
>Sent: Friday, April 04, 2014 5:20 AM
>To: dns-operati...@dns-oarc.net
>Subject: [dns-operations] Introducing CNAME Flattening: RFC-Compliant CNAMEs
> at a Domain's Root
>
>http://blog.cloudflare.com/introducing-cname-flattening-rfc-compliant-c
Stephane Bortzmeyer writes:
> I was not able to find a real example: all the companies mentioned in
> the article as being happy users have their Web server at CloudFlare,
> where this service is useless.
I agree, it is a little peculiar, with their anycast HTTP servers.
You can see that some of t
On 04/04/2014 06:23 AM, Anthony Eden wrote:
> While CloudFlare did not give any credit to previous work done (which
> sort of pisses me off, but whatever), they are essentially implementing
> the same thing that Amazon did with their ALIAS implementation, the same
> thing that we did with the DNSim
On 04/04/2014 06:54 AM, Mark Andrews wrote:
>
> Or one can add SRV or some other record that does the name
> to server mapping and not have to do all this behind the
> scenes stuff.
One would need to add several SRV records, if the host provided several
services. One would also
On Fri, Apr 4, 2014 at 4:36 PM, David C Lawrence wrote:
>
>
> Bring me a world in which SRV for HTTP without location bar
> redirection is commonplace, and we'd be happy to encourage its use.
>
I agree 100%. I'd much rather it be done on the client than to have to deal
with implementing it on our
On Fri, Apr 4, 2014 at 4:40 PM, David Miller wrote:
>
>
> > I've been thinking about writing an RFC for this, but I've never
> > actually done it, and it will take some time to do, however I think
> > defining how an ALIAS record will synthesize its response is probably
> > something we need at th
Anthony Eden writes:
> Ah, I didn't know that. Have you or others from Akamai ever written up
> anything about your implementation?
I doubt anything publicly, though we do have internal documentation.
There might have been a non-technical press release back in 2003, but
this routine of writing sem
This all smells like something that the IETF is suited to help with. I mean,
operators, multiple implementations, desires for interoperability...
(Jus'sayin')
From: dns-operations-boun...@mail.dns-oarc.net
[dns-operations-boun...@mail.dns-oarc.net] On B
On Fri, Apr 04, 2014 at 09:12:52AM -0700, Edward Lewis wrote:
> This all smells like something that the IETF is suited to help with. I mean,
> operators, multiple implementations, desires for interoperability...
it appears to me as one of these 'in the privacy of your own
bed^Wimplementation'
t
> From: David Miller
> Everything old is new again.
>
> I have this brand new earth shattering idea to suspend a seat on a frame
> between two wheels, attach a sprocket to the rear wheel, and by means of
> a chain between the rear sprocket and a rotating pedal assembly allow a
> user to sit on a
On Apr 4, 2014, at 2:20 AM, Stephane Bortzmeyer wrote:
> [Warning: sloppy terminology, for instance, "root" is not used in the
> usual DNS meaning.]
>
> http://blog.cloudflare.com/introducing-cname-flattening-rfc-compliant-cnames-at-a-domains-root
>
> Funny idea but it works only if your DNS i
On Fri, Apr 04, 2014 at 01:24:03PM -0700, Matthew Ghali wrote:
>
> Second, to call this record synthesis a “CNAME” is a disservice to the
> industry.
While I agree with that (and was of course piqued by the lousy
description of why you can't have a CNAME at the apex -- err, sorry,
"root" -- of
In message <533ec5c4.4050...@tiggee.com>, David Miller writes:
> This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
>
> On 04/04/2014 06:54 AM, Mark Andrews wrote:
> >
> > Or one can add SRV or some other record that does the name
> > to server mapping and not have to do all this b
In message ,
Anthony Eden writes:
>
> On Fri, Apr 4, 2014 at 4:36 PM, David C Lawrence wrote:
> >
> >
> > Bring me a world in which SRV for HTTP without location bar
> > redirection is commonplace, and we'd be happy to encourage its use.
> >
>
> I agree 100%. I'd much rather it be done on the
In message <21310.50033.650900.982...@tale.kendall.corp.akamai.com>, David C Law
rence writes:
> Stephane Bortzmeyer writes:
> > I was not able to find a real example: all the companies mentioned in
> > the article as being happy users have their Web server at CloudFlare,
> > where this service is
Mark Andrews wrote:
> ... The big barrier is people saying "there is a big barrier"
sort of like EDNS, DNSSEC, IPv6.
i guess there's never time to do it right,
but always time to do it over?
vixie
___
dns-operations mailing list
dns-operations@li
22 matches
Mail list logo
