Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localhost-be-localhost-02

Ray Bellis wrote: On 30/01/2018 18:59, Andrew Sullivan wrote: Because of that same section, also, signing the answer should also not be controversial because the answer is static. My preference, however, would be for the root servers to REFUSE to answer such queries. Won't that cause the r

Re: [DNSOP] I-D Action: draft-ietf-dnsop-aname-01.txt

I've been pondering DNSSEC and additional data. I think it's currently the case for additional section processing in general that if (say) an RRset isn't present, then nothing is added to the additional section. I think it would be better to add an NSEC(3) proof of nonexistence if the relevan

Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localhost-be-localhost-02

On Wed, Jan 31, 2018 at 10:04:03AM +, Ray Bellis wrote: > On 30/01/2018 18:59, Andrew Sullivan wrote: > > > Because of that same section, also, signing the answer should also not > > be controversial because the answer is static. My preference, > > however, would be for the root servers to R

[DNSOP] Running code: draft-ietf-dnsop-kskroll-sentinel-00

Hello, draft-ietf-dnsop-kskroll-sentinel-00 is now implemented in Knot Resolver version 2.0.0 [1] which was released today, and it is enabled by default. Other implementers might be interested in Deckard [2] tests [3] we have for this feature. The Deckard framework also works with Unbound and Pow

Re: [DNSOP] I-D Action: draft-huston-kskroll-sentinel-04.txt

On Wed, Jan 31, 2018 at 5:36 AM, Robert Story wrote: > On Tue 2018-01-30 22:40:11-0500 Joe wrote: > > I made a comment some time ago in response to someone's (Warren's > > again, I think, but I'm not sure) observed confusion in others about > > the draft. I recall that I suggested that the draft

Re: [DNSOP] I-D Action: draft-huston-kskroll-sentinel-04.txt

On Tue 2018-01-30 22:40:11-0500 Joe wrote: > I made a comment some time ago in response to someone's (Warren's > again, I think, but I'm not sure) observed confusion in others about > the draft. I recall that I suggested that the draft include some > explicit advice for all the various actors here

Re: [DNSOP] I-D Action: draft-huston-kskroll-sentinel-04.txt

On 31/01/2018 00:58, Paul Hoffman wrote: > The problem you hit was in BIND. To get around it, you simply add > "check-names master warn;" to the options. If you're doing that, please put it in the zone specific stanza, and not in the global options for the server: zone "foo" { type master;

Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localhost-be-localhost-02

On 30/01/2018 18:59, Andrew Sullivan wrote: > Because of that same section, also, signing the answer should also not > be controversial because the answer is static. My preference, > however, would be for the root servers to REFUSE to answer such > queries. Won't that cause the resolver to cycle