Hi Casey,
* Casey Deccio [2020-02-18 15:54 (-0700)]:
On Feb 17, 2020, at 1:37 AM, Marco Davids (Private) via dns-operations
wrote:
Op 14-02-2020 om 16:09 schreef Vladimír Čunát:
For me personally, the old historical data isn't much interesting. What
I'm missing most is the feature of sendi
I've been doing some examinations of ip6.arpa and in-addr.arpa as part of other
work and I'd say they are pretty darn clean as they are. So I (too) am curious
what would be needed as part of a "Flag Day" level clean up.
I'm looking at the delegation information in the two zones and the informat
Edward Lewis wrote:
>
> I'm looking at the delegation information in the two zones and the
> information at the zones they delegate. As far as delegations from
> those zones to RIR run zones, I'd say they are perfect.
Except that ARIN and LACNIC use RSASHA1 :-(
Tony.
--
f.anthony.n.finchht
Well, let’s look at the real netblock, shall we? (‘cause I have nothing to
hide)
You can see for yourself at
https://dnsviz.net/d/108.158.in-addr.arpa/dnssec/
1. There are old DS keys from .arpa to in-addr.arpa still dangling around.
2. 158.in-addr.arpa is still using ‘Algorithm 5’
3. Even though
On Wed, 19 Feb 2020 at 11:43, Pirawat WATANAPONGSE wrote:
> Well, let’s look at the real netblock, shall we? (‘cause I have nothing to
> hide)
> You can see for yourself at
> https://dnsviz.net/d/108.158.in-addr.arpa/dnssec/
>
>
I don't really see any of these things as flag-day level problems.
Pirawat WATANAPONGSE wrote:
>
> 1. There are old DS keys from .arpa to in-addr.arpa still dangling around.
This might be part of a rollover plan (I don't track changes to .arpa so
I can't tell how old the DS records are)
> 2. 158.in-addr.arpa is still using ‘Algorithm 5’
Yes, this needs fixing.
I think the reaction you are getting is due to the call for a "DNS Flag Day"
and not the issues you are experiencing. On this list (DNS-operations), DNS
Flag Day (2019) was a significant event involving many implementations of the
DNS protocol to adhere more closely with the specifications of t
> On 20 Feb 2020, at 03:36, Pirawat WATANAPONGSE wrote:
>
> Well, let’s look at the real netblock, shall we? (‘cause I have nothing to
> hide)
> You can see for yourself at https://dnsviz.net/d/108.158.in-addr.arpa/dnssec/
>
> 1. There are old DS keys from .arpa to in-addr.arpa still dangling
So, I'm sitting in a hotel in Melbourne (APRICOT20), trying to get
some work done[0].
They have a captive portal which a: logs you our fairly often and b:
requires you use their DNS server. Ugh, but OK.
..but, they have managed to invent some new, and interesting failure
mode - if I look up a nam
