Hello,
On Aug 27, 2013, at 12:56 PM, Paul Hoffman wrote:
>
> ...but not all of them.
No feature / idea will ever catch all of them.
This should not let us from implementing some of the good ideas that are going
around. In fact, when I read 'an authoritative nameserver SHOULD NOT publish an
I agree, triggering some script after certain events and condition zone
acceptance to the result of the script is a nice approach. I like it.
On Aug 27, 2013, at 3:54 PM, Joe Abley wrote:
>
> On 2013-08-27, at 14:51, "UFJORw==" wrote:
>
>> That would mean having a full-fledged DNSSEC validato
On Aug 27, 2013, at 3:51 PM, "UFJORw==" wrote:
> On Tue, Aug 27, 2013 at 6:06 PM, Carlos M. Martinez
> wrote:
>> when I read 'an authoritative nameserver SHOULD NOT publish an invalid zone
>> _ever_', well, I was struck by how obvious this is, and a bit
On Aug 27, 2013, at 4:18 PM, "UFJORw==" wrote:
> On Tue, Aug 27, 2013 at 9:01 PM, Carlos M. Martinez
> wrote:
>> I mostly agree, but as someone pointed out, the zone operator will be
>> immediately (and painfully) aware of the mishap. Just as if you have a
>&
I run my own recursive server for my four machine network. So I guess
the answer is just, 'of course'.
On 10/14/13 2:08 PM, Paul Hoffman wrote:
> A fictitious 100-person company has an IT staff of 2 who have average IT
> talents. They run some local servers, and they have adequate connectivity
The problem that i see is that if you don't run your local DNS, then if
your link with the outside world goes down, you're essentially toasted
even for your own, locally hosted, services.
This may not be a concern if you live in the more developed parts of the
world, but down south here, trust me,
Agreed. However, at least in my experience, it is usually easy to
achieve high availability figures running a linux box on relatively
cheap hardware, while links are much less dependable. I've seen 400-day
plus uptimes on very cheap, dubious looking, PC clones.
Now that I think of it, rather than
Hello!
On 10/17/13 8:03 AM, Jared Mauch wrote:
>
> On Oct 17, 2013, at 4:09 AM, Daniel Kalchev wrote:
>
>>
>> On 17.10.13 00:12, Jared Mauch wrote:
>>> Even small networks (I have a friend with a ~100 user wisp) shouldn't run
>>> their own caches. The economics of it don't support this.
>>>
>>
I don't really think that is the ISPs business to 'correct' 'unwise'
behaviour on the part of equipment. The devil is in the details. What
does an ISP mean by 'correct' or what is 'unwise' ?
Whatever filtering you can currently seem a 'good idea' quickly becomes
abused, misunderstood and applied l
I'm on Randy on this... if we restrict the things protocols can / should
do to the lowest level of what applications support, we'll be empty
handed pretty quickly.
On 9/21/12 9:20 AM, Randy Bush wrote:
>> It would be nice if the IAB or IETF could issue some sort of "RRs in
>> single-label domain
gt; --
> Ondřej Surý -- Chief Science Officer
> ---
> CZ.NIC, z.s.p.o.--Laboratoře CZ.NIC
> Americka 23, 120 00 Praha 2, Czech Republic
> mailto:ondrej.s...@nic.czhttp://nic.cz/
> tel:+420.222745110 fax:+420.222745112
> -----------
>
Hi!
On 10/14/12 5:01 PM, Ondřej Surý wrote:
> On 14. 10. 2012, at 13:37, Carlos M. Martinez wrote:
>
>> That could be a really interesting project. I'm not sure how can I
>> contribute, but I'd love to see that happen.
> Even helping defining requirements (when we
I'm willing to bet there is no single set of 'actual working servers'.
And since they are recursive servers, there are no 'hidden master'
servers anywhere either.
Just a happy bunch of servers with the same IPs :-)
regards
Carlos
On 11/15/12 11:35 AM, Liu Mingxing wrote:
> How do you know where
Back in the day we all did weird things. I used to sysadmin the boxes
(yeah, all two of them :-) ) which served .com.uy and we allowed domain
names with underscores, like my_domain.com.uy
Actually there were quite a few of them and when we stopped allowing
that we had to weather a lot of complaint
Agree, but anyways checking suffixes is a bizarre and broken way of
validating an email. Just because a suffix exists it doesn't mean that
the domain exists, and if a domain doesn't exist because the TLD is
wrong or the 2nd level, or the 3rd level labels are wrong, the net
effect on the application
Sad but true :(
On 1/21/13 12:08 PM, Jim Reid wrote:
> On 21 Jan 2013, at 13:56, "Carlos M. Martinez" wrote:
>
>> I certainly hope that lousy web programmers start feeling the hot breath
>> of pissed off people who have just spent a gazillion dollars on their
>>
Mr. Pengel,
Is there a way for people interested in debugging this problem to get a
.CW email address. I wonder if there is any free webmail provider in the
island, or if your organization could provide a few test accounts under
some special-purpose domain.
regards,
~Carlos
On 1/20/13 8:55 PM,
On principle I would hate my ISP messing around with my traffic,
regardless of any good intentions.
regards,
~Carlos
On 2/25/13 3:26 PM, Graham Beneke wrote:
> I discovered the other day that a large customer of $dayjob has decided
> that it is a good idea to outsource the LAN support for their
It might sound stupid, but I firmly believe the main reason everyone is
now switching to Google's servers is that they are easy to remember and
to dictate over the phone.
In my case... (DSL provider at home), I have the choice of
200.40.230.245 or 8.8.8.8. Which one do you think my 63-year-old dad
Hi!
On 2/25/13 5:38 PM, Graham Beneke wrote:
> ... snip ...
>> Needless to say that if you add to the mix ISPs who are willing to mess
>> with your NXDOMAINs for a buck the deal is sealed.
>
> I have no interest in fiddling with the responses to that extent but
> where is the line? ;-)
Is th
I know. And I agree. But we are all seeing people going to 8.8.8.8, even
people at home.
So maybe having an alternative you can locally 'spoof' wouldn't hurt.
cheers!
~Carlos
On 2/25/13 6:11 PM, wbr...@e1b.org wrote:
>> From: "Carlos M. Martinez"
>
>
Google might be doing X,Y or Z with DNS data, but IMO, the fact doesn't
excuse ISPs border filtering requests or spoofing 8.8.8.8/8.8.4.4
What happened to personal responsibility by the way? Do we really want
our ISPs to nanny us just in case Big Evil Google data mines my DNS
queries ? Why can't
+1 !
On 2/26/13 12:34 PM, Cutler James R wrote:
> On Feb 26, 2013, at 8:32 AM, Carlos M. Martinez wrote:
>
>>
>>
>> Google might be doing X,Y or Z with DNS data, but IMO, the fact doesn't
>> excuse ISPs border filtering requests or spoofing 8.8.8.8/8.8.4.
It is not, starting with 9.9.0.
However, you should _never_ edit the signed version of the zone
manually. Edit the unsigned file, increment the SOA serial appropriately
and then rndc sign.
The SOA increment can be a bit tricky, If you have a signed zone with
autodnssec maintain, then BIND will pe
I sent an email to the list with some details on that, but somehow it didn't
make it to the list.
In a few words: always edit your unsigned zone, never the signed one. Always
check the CURRENT serial as published on the signed zone before incrementing.
This last thing almost drove me crazy a ye
Good one :-)
Sent from my iPad
On 01 Apr 2013, at 21:28, Robert Edmonds wrote:
> Paul Hoffman wrote:
>> I thought this was an elaborate April 1 "joke", and am concerned that
>> others did not.
>
> yes, it was. (check the last octet in the IP address: 198.51.100.41.)
> i'm sorry, i must have b
rsync sounds like a fine solution, the problem imo, is what happens when
something goes wrong, when a file transfer fails.
right now i'm thinking about not rsync'ing the zone files by eash one,
but rsync a tar file with all the zone files, so if it fails, it fails
atomically (i know that this work
And it believes that not having a MX record or an A record for 'www.' is
somehow a DNS error.
On 5/21/13 11:01 AM, Randy Bush wrote:
> http://www.intodns.com/ does not seem to work for cctlds
>
> randy
> ___
> dns-operations mailing list
> dns-operation
On 6/14/13 9:05 AM, Mehmet Akcin wrote:
> Seems to be up for me too. From Hawaii.
And that begs the question, isn't there anything better to do in Hawaii
just now ?
:D
~C.
___
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://list
Yes, there is something strange going on. From my PoV (AS 28000) I only
get answers from a.cctld.us
cheers
~Carlos
On 8/15/13 4:52 PM, Casey Deccio wrote:
> On Thu, Aug 15, 2013 at 12:42 PM, wrote:
>> Is anyone else seeing problems resolving .us addresses?
>>
>
> Hmm, availability doesn't loo
I'm _very_ torn on the issue. On one hand I fully agree with Patrik in
the sense that documenting such practices could lead to widespread
'holes' in validation.
However, in my opinion the first knee jerk reaction of a recursive
resolver operator will probably be 'if 1M clients of mine are unable t
Hello,
On 8/23/13 2:03 PM, Paul Vixie wrote:
>
>
>
> on the other hand i would not be glad to see NTA as an IETF RFC, FYI,
> BCP, or other standards-like artifact.
A long time ago a group of people said the same about NAT and now, a few
years on many of them regret it, while us who were not p
32 matches
Mail list logo
