Re: [DNSOP] I-D Action: draft-ietf-dnsop-nxdomain-cut-01.txt

> Main change: reorganisation of the text so that the normative section > 2 is written in a purely protocol-behaviour way, without any reference > to the implementation. Section 5 now discuss implementation. This seems like the right thing to do. However, I think that this document still goes t

Re: [DNSOP] edns-key-tag: EDNS0 option or query name?

In message <07285239-6239-4c1c-b684-7ff72306a...@verisign.com>, "Wessels, Duane " writes: > During previous discussions of the edns-key-tag draft, some people argued tha > t it would be better to convey key tags as query names, rather than EDNS0 opt > ions. > > Perhaps the best argument against t

[DNSOP] edns-key-tag: EDNS0 option or query name?

During previous discussions of the edns-key-tag draft, some people argued that it would be better to convey key tags as query names, rather than EDNS0 options. Perhaps the best argument against the EDNS0 option is that since EDNS0 is hop-by-hop, some resolvers and other meddleboxes won't know to

Re: [DNSOP] I-D Action: draft-ietf-dnsop-edns-key-tag-01.txt

> On Mar 9, 2016, at 4:58 PM, internet-dra...@ietf.org wrote: > > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > This draft is a work item of the Domain Name System Operations of the IETF. > >Title : The EDNS Key Tag Option >Auth

Re: [DNSOP] I-D Action: draft-ietf-dnsop-nxdomain-cut-01.txt

On Thu, Mar 10, 2016 at 12:59:49PM -0800, internet-dra...@ietf.org wrote a message of 47 lines which said: > Title : NXDOMAIN really means there is nothing underneath > Filename: draft-ietf-dnsop-nxdomain-cut-01.txt ... > A diff from the previous version is avai

[DNSOP] I-D Action: draft-ietf-dnsop-nxdomain-cut-01.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Domain Name System Operations of the IETF. Title : NXDOMAIN really means there is nothing underneath Authors : Stephane Bortzmeyer

Re: [DNSOP] Erratra rejection

I believe the erratra below was rejected incorrectly. Firstly I can't see any discussion of this erratra on the pkix list in the archive. Secondly there are lots of technical errors in the rejection logic. 1) Nameserver reject whole zones at load time if a record refuses to parse. The record

Re: [DNSOP] I-D Action: draft-song-dns-wireformat-http-01.txt

Shane Kerr wrote: > At 2016-03-10 11:21:59 + > Tony Finch wrote: > > > Davey Song wrote: > > > > > > 1) Keep-alive does reduce latency in long time queries. It is a > > > little surprising to see that with keep-alive, DNS over HTTP’s > > > latency is almost the same as UDP. > > > > That's no

Re: [DNSOP] I-D Action: draft-song-dns-wireformat-http-01.txt

All, At 2016-03-10 17:15:12 +0800 Davey Song wrote: > FYI. A simple lab test done by my colleague. > > http://www.dnsv6lab.net/2016/03/05/A-performance-test-of-DNS-over-different-transport-protocol/ > > There are some observations： > 2) When coming to HTTPS, the keep-alive cannot reduce late

Re: [DNSOP] I-D Action: draft-song-dns-wireformat-http-01.txt

Tony, At 2016-03-10 11:21:59 + Tony Finch wrote: > Davey Song wrote: > > > > 1) Keep-alive does reduce latency in long time queries. It is a little > > surprising to see that with keep-alive, DNS over HTTP’s latency is almost > > the same as UDP. > > That's not unexpected on a fast link,

Re: [DNSOP] I-D Action: draft-song-dns-wireformat-http-01.txt

I expect that DNS over TLS and DNS over HTTP/2 are both going to get to much the same place because the technology is driving to the same place: get more of the query into the initial incoming packet so that the first response has useful payload. Do you think the differences are down to more than i

Re: [DNSOP] New Security Tool: MrLooquer - IPv6 Intelligence

> On 10 Mar 2016, at 12:54, ac wrote: > > who knew that on dnsop you would learn and get free entertainment :) What other reasons are there to be here? :-) ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop

Re: [DNSOP] New Security Tool: MrLooquer - IPv6 Intelligence

On Thu, 10 Mar 2016 13:37:34 +0100 Stephane Bortzmeyer wrote: > On Thu, Mar 10, 2016 at 01:25:57PM +0100, > Francisco J. Gómez Rodríguez wrote > a message of 102 lines which said: > > Dear Sirs, > Our working group chair won't be happy :-) > > I recommend you to try port filter with value 53 (

Re: [DNSOP] New Security Tool: MrLooquer - IPv6 Intelligence

On Thu, Mar 10, 2016 at 01:25:57PM +0100, Francisco J. Gómez Rodríguez wrote a message of 102 lines which said: > Dear Sirs, Our working group chair won't be happy :-) > I recommend you to try port filter with value 53 (port:53) --> > https://mrlooquer.com/list?q=port:53 Quota exceded [sic]

[DNSOP] New Security Tool: MrLooquer - IPv6 Intelligence

Dear Sirs, Please, allow us to introduce MrLooquer -https:// www.mrlooquer.com MrLooquer combines open source intelligence techniques with heuristic and data mining to perform one of the first attempts to create a real map about IPv6 deployment and its relationship wit

Re: [DNSOP] I-D Action: draft-song-dns-wireformat-http-01.txt

Davey Song wrote: > > 1) Keep-alive does reduce latency in long time queries. It is a little > surprising to see that with keep-alive, DNS over HTTP’s latency is almost > the same as UDP. That's not unexpected on a fast link, but it would be worth estimating the difference in serialization latenc

Re: [DNSOP] I-D Action: draft-song-dns-wireformat-http-01.txt

FYI. A simple lab test done by my colleague. http://www.dnsv6lab.net/2016/03/05/A-performance-test-of-DNS-over-different-transport-protocol/ There are some observations： 1) Keep-alive does reduce latency in long time queries. It is a little surprising to see that with keep-alive, DNS over HTTP’s