I haven’t seen a final draft yet, so hopefully it’s not too late to suggest
further additions :)
A talk [1] at DNS OARC 42 this morning reminded me of a common pitfall we might
do well to point out in the document.
Beware of state in the network!
State holding middleware, e.g. firewalls, loa
Hi all,
Thanks a lot for this draft. I know my response is kinda late, but I understand
that this is still an active endeavor.
In addition to the comments below, I'd like to raise the point of a
"false-positive" rate for any kind of filtering. This is, in my view, a crucial
aspect, and not cu
Shane and other TF members,
Great document!
I have some comments about the anycast bit :)
> On Nov 26, 2023, at 12:01 PM, Shane Kerr wrote:
>
> Colleagues,
>
> Here is a draft of the RIPE DNS Resolver Best Common Practices document
> that the task force of that name has been working on.
[.
Thanks Shane and the Resolver BCP task force. Excellent work!
I'd like to propose to, besides suggesting to transparently disclose the
list of blocked websites (when the law requires blocking), also suggest
to carry that information in the blocked response in an Extended DNS
Error with code Bl
On 27. 11. 23 13:16, Ralf Weber wrote:
### Aggressive NSEC caching
**Aggressive NSEC caching should be enabled.**
For: Public resolver operators.
"Aggressive NSEC caching", meaning negative caching based on NSEC and
NSEC3 values, can reduce traffic greatly. It is important to protect
against r
Hello everyone,
thank your for hard work on this. I think it's well written document.
More substantial feedback below relates to:
- TTL recommendations
- Selection of transport protocols
- EDNS Client Subnet (ECS)
- Missing mention of RFC 8906
More in-line below, including couple nits.
On 26.
sent this email at a time that is convenient for me. I do not expect
you to respond to it outside of your usual working hours.
:
:
:From: dns-wg on behalf of Moritz Müller via dns-wg
:Date: Monday, 27 November 2023 at 17:47
:To: Shane Kerr
:Cc: dns-wg@ripe.net
:Subject: Re: [dns-wg] Draft o
dns-wg on behalf of Moritz Müller via dns-wg
Date: Monday, 27 November 2023 at 17:47
To: Shane Kerr
Cc: dns-wg@ripe.net
Subject: Re: [dns-wg] Draft of RIPE DNS Resolver Best Common Practices
[EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised
sources.
If I re
If I recall correctly, someone just mentioned at the mic during the BCOP BOF
session that such a long list of recommendations might actually scare people
off from running their own resolver.
Maybe adding a short paragraph in the introduction like the one below might
address this:
"Operators int
Moin!
On 26 Nov 2023, at 18:01, Shane Kerr wrote:
> ### Aggressive NSEC caching
>
> **Aggressive NSEC caching should be enabled.**
>
> For: Public resolver operators.
>
> "Aggressive NSEC caching", meaning negative caching based on NSEC and
> NSEC3 values, can reduce traffic greatly. It is importa
10 matches
Mail list logo
