Re: [DNSOP] Comments on draft-livingood-dns-redirect-00

2009-07-14 Thread Stephane Bortzmeyer
On Wed, Jul 15, 2009 at 12:12:56PM +1000, Mark Andrews wrote a message of 21 lines which said: > If the zone is signed it can be reasonably assumed that the owner > doesn't want the answers modified OK, if and only if the provider does *not* assume the opposite and does not regard an unsigned

Re: [DNSOP] Comments on draft-livingood-dns-redirect-00

2009-07-14 Thread Livingood, Jason
Thanks for your detailed review. We'll reply when we start to work on the -01 update. Regards Jason On 7/14/09 7:21 PM, "SM" wrote: > Hello, > > When I first read draft-livingood-dns-redirect-00, my first thought > was about how would it be received if the author was from some > country in t

Re: [DNSOP] Review of draft-livingood-dns-redirect-00

2009-07-14 Thread Paul Wouters
On Mon, 13 Jul 2009, Paul Hoffman wrote: I think you need to widen that caveat: anything that isn't a web browser should not use a DNS server that misbehaves as described in this draft. I think you need to widen that caveat: anything should not use a DNS server that misbehaves as described in

Re: [DNSOP] Comments on draft-livingood-dns-redirect-00

2009-07-14 Thread Mark Andrews
In message <6.2.5.6.2.20090714124754.030b6...@elandnews.com>, SM writes: > In Section 8.4, it is mentioned that "the owner of example.com may > request that the ISP or DNS ASP not perform DNS Redirect for the > example.com domain". It will be a lot of work to contact all the > ISPs, if that is

Re: [DNSOP] Review of draft-livingood-dns-redirect-00

2009-07-14 Thread k claffy
On Mon, Jul 13, 2009 at 09:20:12PM -0400, Livingood, Jason wrote: Great and detailed feedback on our first draft, Andrew. I'll take a reply in detail, point-by-point, when I start working on -01 with my co-authors and contributors. Thanks Jason jason andrew pretty much covered it bu

[DNSOP] Comments on draft-livingood-dns-redirect-00

2009-07-14 Thread SM
Hello, When I first read draft-livingood-dns-redirect-00, my first thought was about how would it be received if the author was from some country in the Far East. In September 2008, the IETF published BCP 140 about preventing use of recursive nameservers in reflector attacks. The discussion

Re: [DNSOP] Review of draft-livingood-dns-redirect-00

2009-07-14 Thread Stephane Bortzmeyer
On Mon, Jul 13, 2009 at 04:29:49PM -0400, Andrew Sullivan wrote a message of 33 lines which said: > It is a fact that people are doing these DNS tricks, and we will not > be saved from them by refusing to talk about them any more than we > were saved from the stupidest possible NAT implementation

Re: [DNSOP] Review of draft-livingood-dns-redirect-00

2009-07-14 Thread Stephane Bortzmeyer
On Mon, Jul 13, 2009 at 03:27:56PM +0100, ray.bel...@nominet.org.uk wrote a message of 51 lines which said: > At least when you do it on your recursive servers you're only affecting > your own customers, who in most cases can vote with their wallets when > they don't like it. No, as I expla

Re: [DNSOP] Review of draft-livingood-dns-redirect-00

2009-07-14 Thread Stephane Bortzmeyer
On Sat, Jul 11, 2009 at 04:59:38PM -0700, Paul Hoffman wrote a message of 8 lines which said: > Having said that, the publication of a document such as this (with > more input from the community) as an Informational RFC could indeed > help the Internet. I doubt it. IMHO, given the amount of m

Re: [DNSOP] Review of draft-livingood-dns-redirect-00

2009-07-14 Thread Andrew Sullivan
On Tue, Jul 14, 2009 at 02:25:33PM +0100, Tony Finch wrote: > Captive portals come to mind, e.g. to authenticate to a wireless access > point, or to quarantine a customer's virus-infested computer. There are in fact ways to do that without mucking with DNS answers. Some portals do such things, and

Re: [DNSOP] Review of draft-livingood-dns-redirect-00

2009-07-14 Thread Paul Hoffman
At 9:15 AM -0400 7/14/09, Livingood, Jason wrote: >On 7/14/09 8:58 AM, "Suzanne Woolf" wrote: > >> In this case, we're talking about resolvers replacing >> authoritative server data with their own. > >Actually, I thought the case was resolvers providing an alternate response, >where NO authoritati

Re: [DNSOP] Review of draft-livingood-dns-redirect-00

2009-07-14 Thread Suzanne Woolf
On Tue, Jul 14, 2009 at 09:15:24AM -0400, Livingood, Jason wrote: > On 7/14/09 8:58 AM, "Suzanne Woolf" wrote: > > > In this case, we're talking about resolvers replacing > > authoritative server data with their own. > > Actually, I thought the case was resolvers providing an alternate response,

Re: [DNSOP] Review of draft-livingood-dns-redirect-00

2009-07-14 Thread Suzanne Woolf
On Mon, Jul 13, 2009 at 09:55:42AM -0400, Livingood, Jason wrote: > On the topic of "lying resolvers" though, that seems a bit strong IMHO. But > perhaps I have missed a strong MUST statement (per RFC 2119) in a relevant > RFC that you could refer me to? It's always seemed to me that it was impli

Re: [DNSOP] Review of draft-livingood-dns-redirect-00

2009-07-14 Thread Tony Finch
On Mon, 13 Jul 2009, Andrew Sullivan wrote: > > Section 7.5 seems to suggest that there are cases where it is > acceptable to intercept DNS queries and redirect them silently. These > cases are typified as being "reasonable", "justifiable", &c. The > problem with any of this sort of thing is that

Re: [DNSOP] Review of draft-livingood-dns-redirect-00

2009-07-14 Thread Ray . Bellis
> Actually, I thought the case was resolvers providing an alternate response, > where NO authoritative data exists. ?? An NXDOMAIN response is still authoritative data. Ray -- Ray Bellis, MA(Oxon) MIET Senior Researcher in Advanced Projects, Nominet e: r...@nominet.org.uk, t: +44 1865 332211

Re: [DNSOP] Review of draft-livingood-dns-redirect-00

2009-07-14 Thread Livingood, Jason
On 7/14/09 8:58 AM, "Suzanne Woolf" wrote: > In this case, we're talking about resolvers replacing > authoritative server data with their own. Actually, I thought the case was resolvers providing an alternate response, where NO authoritative data exists. ?? > To the draft specifically: the