Re: [DNSOP] [Ext] Re: tdns, 'hello-dns' progress, feedback requested

2018-04-13 Thread Edward Lewis
On 4/13/18, 15:02, "DNSOP on behalf of Matthew Pounsett" wrote: >On 13 April 2018 at 11:11, bert hubert wrote: >>RFC 1034, 4.3.2, step 3, a. It says to go back to step 1, which means that in

[DNSOP] "Trustworthiness" - was Re: [Ext] Re: tdns, 'hello-dns' progress, feedback requested

2018-04-13 Thread Edward Lewis
On 4/13/18, 13:51, "DNSOP on behalf of Mukund Sivaraman" wrote: >Nod, RFC 2181 doesn't use RFC 2119/8174 keywords, so the "should" there >doesn't have a pointy meaning. In "Clarifications to the DNS Specification" (the title of RFC 2181, which ought to give some idea of how significant

Re: [DNSOP] Blog Post: DNS over TLS support in Android P Developer Preview

2018-04-13 Thread Marek Vavruša
This is great, well done. On Fri, Apr 13, 2018 at 12:49 PM, Warren Kumari wrote: > Hi all, > > As Erik Kline and Ben Schwartz seem to be too modest to toot their own > horn, I'll do it for them: > https://android-developers.googleblog.com/2018/04/dns-over-tls-support-in-android-p.html > > Snippet

[DNSOP] Blog Post: DNS over TLS support in Android P Developer Preview

2018-04-13 Thread Warren Kumari
Hi all, As Erik Kline and Ben Schwartz seem to be too modest to toot their own horn, I'll do it for them: https://android-developers.googleblog.com/2018/04/dns-over-tls-support-in-android-p.html Snippet from the above: "The Android P Developer Preview includes built-in support for DNS over TLS. W

Re: [DNSOP] tdns, 'hello-dns' progress, feedback requested

2018-04-13 Thread Matthew Pounsett
On 13 April 2018 at 11:11, bert hubert wrote: > > >1) chase CNAMEs that point to another zone > > >2) look for glue outside of the zone > > > > 1) What was the historical text that indicated that an authoritative > server > > should chase CNAMEs before responding? This worries me. > > RFC 1034, 4

Re: [DNSOP] tdns, 'hello-dns' progress, feedback requested

2018-04-13 Thread 神明達哉
At Fri, 13 Apr 2018 16:47:07 +0200, bert hubert wrote: > In writing this server and while consulting with some other implementors, I > for now have decided that in 2018 it makes no sense to: > > 1) chase CNAMEs that point to another zone It may not even make sense to chase CNAME in the same zone

Re: [DNSOP] tdns, 'hello-dns' progress, feedback requested

2018-04-13 Thread Mukund Sivaraman
On Fri, Apr 13, 2018 at 05:35:14PM +, Evan Hunt wrote: > On Sat, Apr 14, 2018 at 01:13:30AM +0800, Mukund Sivaraman wrote: > > On Fri, Apr 13, 2018 at 04:31:35PM +, Evan Hunt wrote: > > > I could have sworn there was an RFC published several years ago concerning > > > the prevention of cach

Re: [DNSOP] tdns, 'hello-dns' progress, feedback requested

2018-04-13 Thread Evan Hunt
On Sat, Apr 14, 2018 at 01:13:30AM +0800, Mukund Sivaraman wrote: > On Fri, Apr 13, 2018 at 04:31:35PM +, Evan Hunt wrote: > > I could have sworn there was an RFC published several years ago concerning > > the prevention of cache poisoning, which specified that resolvers had to > > ignore out o

Re: [DNSOP] tdns, 'hello-dns' progress, feedback requested

2018-04-13 Thread Mukund Sivaraman
On Fri, Apr 13, 2018 at 04:31:35PM +, Evan Hunt wrote: > I could have sworn there was an RFC published several years ago concerning > the prevention of cache poisoning, which specified that resolvers had to > ignore out of zone CNAMEs and re-query, but I can't find it now. Poor > google skills,

Re: [DNSOP] tdns, 'hello-dns' progress, feedback requested

2018-04-13 Thread Evan Hunt
On Fri, Apr 13, 2018 at 05:11:52PM +0200, bert hubert wrote: > RFC 1034, 4.3.2, step 3, a. It says to go back to step 1, which means that > in step 2 we look up the best zone again for the target of the CNAME. I have > not looked if newer RFCs deprecate this or not. So with 'chase' I mean, > consul

Re: [DNSOP] tdns, 'hello-dns' progress, feedback requested

2018-04-13 Thread Paul Hoffman
My takeaway is that RFC 1034 Section 4.3.2 talks about "servers" without differentiating between authoritative servers and the server side of resolvers. If we can get agreement on detangling those two, it would be a huge service to the DNS community. --Paul Hoffman

Re: [DNSOP] tdns, 'hello-dns' progress, feedback requested

2018-04-13 Thread bert hubert
On Fri, Apr 13, 2018 at 07:59:19AM -0700, Paul Hoffman wrote: > >Specifically, I thought it was a good idea to make a "minimal but > >correct and best practices" authoritative nameserver. > Thank you, thank you. I can also tell you it is fun to start one from scratch and not make the same mistak

Re: [DNSOP] tdns, 'hello-dns' progress, feedback requested

2018-04-13 Thread Paul Vixie
the authority server should never fetch anything, and therefore, should not return out-of-zone data. if that means a cname chain ends without a result, that's the resolver's problem. if that means a delegated zone's name servers are only available in a sibling or uncle zone, that's the delegate

Re: [DNSOP] tdns, 'hello-dns' progress, feedback requested

2018-04-13 Thread Paul Hoffman
On 13 Apr 2018, at 7:47, bert hubert wrote: Specifically, I thought it was a good idea to make a "minimal but correct and best practices" authoritative nameserver. Thank you, thank you. In writing this server and while consulting with some other implementors, I for now have decided that

[DNSOP] tdns, 'hello-dns' progress, feedback requested

2018-04-13 Thread bert hubert
Hi everyone, [tl;dr - is it ok not to chase CNAMEs out of zones and only to do in-zone glue? how many CNAMEs should one follow? Plus some fun things] Under the watchful eye of the lovely camel Farsight sent us [1], I've been working on enhancing the 'hello-dns' pages on http://powerdns.org/hello-

Re: [DNSOP] Working Group Last Call for: draft-ietf-dnsop-kskroll-sentinel

2018-04-13 Thread Peter van Dijk
Hello Suzanne, On 6 Apr 2018, at 23:49, Suzanne Woolf wrote: We’re hearing that having an RFC will be helpful to promoting implementation, and also that this draft may not be ready to be advanced for publication because it doesn’t include implementation experience. This is something the WG ne