Christian Grothoff wrote:
> Dear DNSOP / chairs,
>
> The same applies to the various P2P drafts:
>
> https://datatracker.ietf.org/doc/draft-grothoff-iesg-special-use-p2p-bit/
Section 5, paragraph 3 - The example uses .onion, which I assume i
On Thu, Oct 01, 2015 at 09:02:09AM -0700, Ólafur Guðmundsson wrote:
> Only validating resolver will send follow up query,
Correct, but it would send them to every name server until it
got a non-bogus reply. This is unnecessary collateral damage.
> Here is the deal there are 3 sources of ANY queri
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Domain Name System Operations Working Group
of the IETF.
Title : Decreasing Access Time to Root Servers by Running One
on Loopback
Authors : Warren
Strong +1. This is an obvious, useful, rational and alas, strictly
irrelevant point. Which I agree with.
-G
On Thu, Oct 1, 2015 at 12:51 PM, David Conrad wrote:
>
> > On Oct 1, 2015, at 10:45 AM, John Levine wrote:
> >
> >>> Uh, no. The *only* loopback address is ::1. The rest of ::/8 is
On your system, I'm sure it works fine. On other systems that
implement IPv6 in other ways, maybe not.
Which is why I think
https://tools.ietf.org/html/draft-ipversion6-loopback-prefix-00
should be resurrected (not directly relevant to DNSOP of course).
Seems like a good idea. I've got a d
> On Oct 1, 2015, at 10:45 AM, John Levine wrote:
>
>>> Uh, no. The *only* loopback address is ::1. The rest of ::/8 is
>>> reserved.
>>
>> Anything is a loopback address if you alias it on your loopback interface.
>>
>> ::2 was only intended as an example (that's why I said "salt to ta
>> Uh, no. The *only* loopback address is ::1. The rest of ::/8 is
>> reserved.
>
>Anything is a loopback address if you alias it on your loopback interface.
>
>::2 was only intended as an example (that's why I said "salt to taste"),
>but it was not a particularly well-chosen one.
On your s
On Wed, Sep 30, 2015 at 10:08 PM, Evan Hunt wrote:
> On Wed, Sep 30, 2015 at 11:28:45PM -0400, Joe Abley wrote:
> > 1. Return an unsigned response. This will be marked as bogus, and
> > trigger a QTYPE=HINFO re-query that will either return an actual signed
> > HINFO from the zone or a signed pro
This may be a little off-topic for DNSOP, but has anyone considered submitting
Errata for RFC 4291 to add the word "physical" before the word "interface" to
the sentence
"A packet received on an interface with a destination address of loopback must
be dropped"
?
Because, as it stands, if take
Shane Kerr wrote:
>
>
> In the case where people just want to reduce the damage of ANY queries
> in reflection attacks, I quite like the PowerDNS option of forcing ANY
> queries to TCP via truncation. I'm not sure if this has been documented
> in any RFC, but if not then perhaps it bears mentioni
On 2015-10-01 12:13+0100
Dick Franks wrote:
> Dick Franks
>
>
>
> On 1 October 2015 at 11:12, Shane Kerr wrote:
>
> >
> > In the case where people just want to reduce the damage of ANY queries
> > in reflection attacks, I quite like the PowerDNS option of forcing ANY
Brian Haberman has entered the following ballot position for
draft-ietf-dnsop-root-loopback-04: Yes
When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)
Please refer to http
Stephen Farrell has entered the following ballot position for
draft-ietf-dnsop-root-loopback-04: Yes
Dick Franks
On 1 October 2015 at 11:12, Shane Kerr wrote:
>
> In the case where people just want to reduce the damage of ANY queries
> in reflection attacks, I quite like the PowerDNS option of forcing ANY
> queries to TCP via truncation. I'm not sure if this has been d
Joe and all,
On 2015-10-01 02:25-0400
"Joe Abley" wrote:
> On 1 Oct 2015, at 1:08, Evan Hunt wrote:
>
> > The disadvantages of pick-one-RRset that I can see are 1) more
> > information leaked (but nothing that couldn't be obtained by sending
> > queries for individual qtypes anyway), and 2) mod
John Levine wrote:
>
> If you have a loopback software interface, you could set up a link
> local address like fe80::1, but now your DNS software has to
> understand link scoped addresses like fe80::1%lo.
>
> Having set up a DNS cache on my LAN using link local IPv6 addresses, I
> can report that
Paul Hoffman wrote:
>
> For this type of system, you want a hash or checksum function where
> finding collisions takes more than N attempts, and all of those attempts
> must be based on random guessing, not on some structure of the messages.
> N can be calibrated by the value of an attacker foolin