Re: [DNSOP] DNSOP Call for Adoption - draft-west-let-localhost-be-localhost

2017-09-12 Thread Ted Lemon
On Sep 12, 2017, at 11:06 PM, Mark Andrews wrote: > Oh sorry you can't use SRV with localhost to assign a port to this > protocol THAT HAS NO DEFAULT PORT and only a NAME. Is this what you > REALLY want to do? Yes.

Re: [DNSOP] DNSOP Call for Adoption - draft-west-let-localhost-be-localhost

2017-09-12 Thread Mark Andrews
In message <26e56255-6169-4626-95e8-a9d6a2d5e...@fugue.com>, Ted Lemon writes: > On Sep 12, 2017, at 10:15 PM, John Levine wrote: > > Believe it or not, there are real non-loopback localhost domain names, > > like localhost.reddit.com . > > > > I agree that localhost

Re: [DNSOP] DNSOP Call for Adoption - draft-west-let-localhost-be-localhost

2017-09-12 Thread Ted Lemon
On Sep 12, 2017, at 10:15 PM, John Levine wrote: > Believe it or not, there are real non-loopback localhost domain names, > like localhost.reddit.com . > > I agree that localhost. pointing to loopback is generally asking > for trouble, but I am not at this point suff

Re: [DNSOP] DNSOP Call for Adoption - draft-west-let-localhost-be-localhost

2017-09-12 Thread John Levine
In article <63da2e77-8507-4f25-8684-14eabf9a5...@powerdns.com> you write: >Since we are doing a draft/RFC on what localhost is and is not, I >suggest we put some text in there banning (MUST NOT) the practice of >having localhost entries (at least those pointing to 127.0.0.1/::1?) in >auth zones.

[DNSOP] Fwd: DNSSEC in local networks

2017-09-12 Thread william manning
'cause warren isn't special enough to warrant getting the only copy of this. /Wm -- Forwarded message -- From: william manning Date: Tue, Sep 12, 2017 at 6:53 PM Subject: Re: [DNSOP] DNSSEC in local networks To: Warren Kumari cry me a river. in the face of conflicting strings,

Re: [DNSOP] DNSSEC in local networks

2017-09-12 Thread Warren Kumari
On Mon, Sep 4, 2017 at 4:45 PM, Mark Andrews wrote: > > In message , > "Walter > H." writes: >> On Mon, September 4, 2017 14:22, Mark Andrews wrote: >> > >> > In message , >> > "Walter H." writes: >> >> were there anyone who said: "don't use it", 15 years ago? >> > >> > Yes. There were lots th

Re: [DNSOP] requesting WGLC for 5011-security-considerations

2017-09-12 Thread Wes Hardaker
Matthijs Mekking writes: >> Mathematically, I think the actual time needed to wait is 30 % >> queryInterval, which may actually be 0 in some cases and just shy of >> queryInterval in others. Sound about right? > > I am sorry, I don't understand this logic, can you elaborate? > > The way I see

[DNSOP] I-D Action: draft-ietf-dnsop-rfc5011-security-considerations-03.txt

2017-09-12 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Domain Name System Operations WG of the IETF. Title : Security Considerations for RFC5011 Publishers Authors : Wes Hardaker

Re: [DNSOP] DNSOP Call for Adoption - draft-west-let-localhost-be-localhost

2017-09-12 Thread Paul Vixie
Tony Finch wrote: Paul Vixie wrote: > ... Your localhost records (like the ones I deleted from cam.ac.uk last week) are troublesome for the web browser same origin security policy: they can lead to vulnerabilities when your websites are accessed from multi-user machines and in other more obscur

Re: [DNSOP] DNSOP Call for Adoption - draft-west-let-localhost-be-localhost

2017-09-12 Thread John Levine
In article you write: >I think that this boils down to: It is an error to send a query for >localhost (or anything under localhost) to the DNS. The main reason >for this (at least from my reading of the thread) is a security >argument -- you want to be completely sure that 'localhost' will >alway

Re: [DNSOP] DNSOP Call for Adoption - draft-west-let-localhost-be-localhost

2017-09-12 Thread Mark Andrews
In message , "John R Levine" writes: > >>> When something shouldn't work, it shouldn't work. > >> > >> I agree but this is a tangent. The draft is about localhost. or maybe <something>.localhost. It's not about localhost.. > > > > The problem with this clarification is that in practice "localhost.

Re: [DNSOP] DNSOP Call for Adoption - draft-west-let-localhost-be-localhost

2017-09-12 Thread John R Levine
When something shouldn't work, it shouldn't work. I agree but this is a tangent. The draft is about localhost. or maybe .localhost. It's not about localhost.. The problem with this clarification is that in practice "localhost." is almost always spelt "localhost". Well, OK, but I hope we

Re: [DNSOP] DNSOP Call for Adoption - draft-west-let-localhost-be-localhost

2017-09-12 Thread Joe Abley
On 12 Sep 2017, at 13:11, John R Levine wrote: >> https://tools.ietf.org/html/draft-thomson-postel-was-wrong-00#section-4.1 >> >> When something shouldn't work, it shouldn't work. > > I agree but this is a tangent. The draft is about localhost. or maybe > .localhost. It's not about localhos

Re: [DNSOP] DNSOP Call for Adoption - draft-west-let-localhost-be-localhost

2017-09-12 Thread John R Levine
https://tools.ietf.org/html/draft-thomson-postel-was-wrong-00#section-4.1 When something shouldn't work, it shouldn't work. I agree but this is a tangent. The draft is about localhost. or maybe .localhost. It's not about localhost.. Regards, John Levine, jo...@taugh.com, Taughannock Networ

Re: [DNSOP] DNSOP Call for Adoption - draft-west-let-localhost-be-localhost

2017-09-12 Thread Richard Barnes
On Tue, Sep 12, 2017 at 8:54 AM, Tony Finch wrote: > Paul Vixie wrote: > > > > while i've generally included a localhost.$ORIGIN A RR in zones that > appear in > > my stub resolver search lists, in order that "localhost" be found, > > I agree with the rest of your message but I want to highlight

Re: [DNSOP] Fwd: I-D Action: draft-song-atr-large-resp-00.txt

2017-09-12 Thread Vernon Schryver
> From: Paul Vixie > To: Stephane Bortzmeyer > > Yes, section 3. "it is suggested a timer to delay the second truncated > > response to around 10 millisecond which can be configured by local > > operation". (In the spirit of RFC 6555.) > > noting, 10ms isn't enough. packet reordering due to mult

Re: [DNSOP] DNSOP Call for Adoption - draft-west-let-localhost-be-localhost

2017-09-12 Thread Tony Finch
Paul Vixie wrote: > > while i've generally included a localhost.$ORIGIN A RR in zones that appear in > my stub resolver search lists, in order that "localhost" be found, I agree with the rest of your message but I want to highlight this bit because it is directly related to the main reason this d

Re: [DNSOP] Fwd: I-D Action: draft-song-atr-large-resp-00.txt

2017-09-12 Thread Paul Vixie
Stephane Bortzmeyer wrote: On Tue, Sep 12, 2017 at 09:50:37AM +, Lanlan Pan wrote a message of 210 lines which said: ATR make Authoritative Servers send normal big response packet before they try to send TC response for large RRsets ? Yes, section 3. "it is suggested a timer to del

Re: [DNSOP] Fwd: I-D Action: draft-song-atr-large-resp-00.txt

2017-09-12 Thread Stephane Bortzmeyer
On Tue, Sep 12, 2017 at 09:50:37AM +, Lanlan Pan wrote a message of 210 lines which said: > ATR make Authoritative Servers send normal big response packet > before they try to send TC response for large RRsets ? Yes, section 3. "it is suggested a timer to delay the second truncated respon

Re: [DNSOP] DNSOP Call for Adoption - draft-west-let-localhost-be-localhost

2017-09-12 Thread Paul Vixie
Tony Finch wrote: Wes Hardaker wrote: Instead, localhost is an operating system convention, a /etc/hosts name, an NIS name, or one of the other things that is able to resolve that name. But the DNS is not where that resolution comes from. I think this makes sense, but it isn't the whole sto

Re: [DNSOP] DNSOP Call for Adoption - draft-west-let-localhost-be-localhost

2017-09-12 Thread Peter van Dijk
Hello, On 6 Sep 2017, at 16:00, tjw ietf wrote: When the idea of having a Call for Adoption for this document came up, we thought long and hard about this one. However, the comments from the working group focused this document to address the specific issue of the local hostname. This start

Re: [DNSOP] DNSOP Call for Adoption - draft-west-let-localhost-be-localhost

2017-09-12 Thread Tony Finch
Wes Hardaker wrote: > > Specifically, we have multiple naming systems already, and I'd argue > that localhost actually isn't in the DNS naming system. There is no > authoritative source for it. In fact, DNSSEC proves this. > > Instead, localhost is an operating system convention, a /etc/hosts nam

Re: [DNSOP] Fwd: I-D Action: draft-song-atr-large-resp-00.txt

2017-09-12 Thread Lanlan Pan
Hi Davey, ATR make Authoritative Servers send normal big response packet before they try to send TC response for large RRsets ? On Mon, Sep 11, 2017 at 12:29 PM, Davey Song wrote: > Hi folks, > > I just submit a draft dealing with issue of large DNS response especially > in IPv6. Comments are welcome. > > If ch