[DNSOP] Late to the "special use labels" party

2016-10-01 Thread william manning
actually, these ideas touch on a few threads that seem to (still) be flying around. I expect to turn this into an ID, headed for Informational - possibly to the ISE. comments and constructive input appreciated. /Wm What is the Domain Name System (DNS)? The DNS was created to provide a

Re: [DNSOP] drop udp to stop DDOS?

2016-10-01 Thread joel jaeggli
On 10/1/16 8:36 AM, A. Schulze wrote: > Hello, > > a nsd user posted an interesting question: > https://open.nlnetlabs.nl/pipermail/nsd-users/2016-September/002364.html > >> Could we eliminate the DDoS threat by just turning off UDP? >> >> Recursive servers I understand probably have to keep accept

[DNSOP] Interesting question

2016-10-01 Thread Edward Lewis
On the dns-operations list there is a thread of interest. Someone as a set of name servers that all have a set up where the parent zone has no delegation to the child (no DS and no NS) but also the child zone is configured without DNSSEC records. Looking at relevant text in DNSSEC Protocol Modi

Re: [DNSOP] On the call for adoption on Special Use Names (Please! Pretty please, with a cherry on top?!)

2016-10-01 Thread Suzanne Woolf
Warren, and all, We’re working on a response. This past week had some distractions. Look for an update in the next couple of days. Suzanne & Tim > On Oct 1, 2016, at 8:13 PM, Warren Kumari wrote: > > > Yup. Hopefully a decision on what to do is made, and made soon -- this > whole process

Re: [DNSOP] On the call for adoption on Special Use Names (Please! Pretty please, with a cherry on top?!)

2016-10-01 Thread Warren Kumari
On Sat, Oct 1, 2016 at 3:12 PM, Paul Wouters wrote: > On Sat, 1 Oct 2016, Warren Kumari wrote: > >>> ICANN already has a blacklist of unsafe domains. IETF can advise them >>> on that list if needed. >> >> >> >> No, no it really doesn't -- it has some list of names, which seem to >> have been fairl

Re: [DNSOP] On the call for adoption on Special Use Names (Please! Pretty please, with a cherry on top?!)

2016-10-01 Thread Paul Wouters
On Sat, 1 Oct 2016, Warren Kumari wrote: ICANN already has a blacklist of unsafe domains. IETF can advise them on that list if needed. No, no it really doesn't -- it has some list of names, which seem to have been fairly arbitrarily chosen. This is not a stable, well published list -- it lurk

Re: [DNSOP] On the call for adoption on Special Use Names (Please! Pretty please, with a cherry on top?!)

2016-10-01 Thread Philip Homburg
In your letter dated Sat, 1 Oct 2016 14:25:06 -0400 you wrote: > Sure, many people didn't like the .ONION discussion / outcome -- > but what would your advice have been to the TOR community if we'd > already decided to abdicate our position? "Dear TOR folk. Go talk > to ICANN.. Yeah, I know that t

Re: [DNSOP] On the call for adoption on Special Use Names (Please! Pretty please, with a cherry on top?!)

2016-10-01 Thread Warren Kumari
On Thu, Sep 29, 2016 at 11:04 PM, Paul Wouters wrote: > On Thu, 29 Sep 2016, Warren Kumari wrote: > >> On Thursday, September 29, 2016, Ted Lemon wrote: >> >> So, if anyone is still wondering why we need a /good/ problem >> statement, this discussion is why. You are >> both taking pa

Re: [DNSOP] drop udp to stop DDOS?

2016-10-01 Thread Jim Reid
> On 1 Oct 2016, at 16:36, A. Schulze wrote: > >> Could we eliminate the DDoS threat by just turning off UDP? >> >> Recursive servers I understand probably have to keep accepting them, but >> authoritative servers are only intended for recursive servers to query, so >> would it be safe to jus

[DNSOP] drop udp to stop DDOS?

2016-10-01 Thread A. Schulze
Hello, a nsd user posted an interesting question: https://open.nlnetlabs.nl/pipermail/nsd-users/2016-September/002364.html Could we eliminate the DDoS threat by just turning off UDP? Recursive servers I understand probably have to keep accepting them, but authoritative servers are only inten