On Sat, Oct 26, 2013 at 01:11:26PM +0100, Jim Reid wrote:
> On 26 Oct 2013, at 12:59, Masataka Ohta
> wrote:
>
> > a serious vulnerability of, so called, DNSSEC is lack of secure time.
> > some security novices innocently believed GPS time were automagically
> > secure.
> > That is, so far, the
its hard to distinguish an implementation error and a DNS protocol error, so
yes, it might
be a very good idea to triage your failures properly.
/bill
On Sat, Oct 26, 2013 at 01:28:10AM +0200, Hosnieh Rafiee wrote:
> Hi Bill,
>
> Thanks for your message.
>
> > are your new collection, DNS v
are your new collection, DNS vulnerabilities, configuration mistakes, or
implementation faults?
/bill
On Sat, Oct 26, 2013 at 01:16:29AM +0200, Hosnieh Rafiee wrote:
> Hello,
>
> I have gathered some vulnerabilities in the current DNS security approaches
> such as DNSSEC and etc. We think i
On Mon, Feb 13, 2012 at 09:33:05AM +0100, Stephane Bortzmeyer wrote:
> On Mon, Feb 06, 2012 at 07:12:56PM +,
> bmann...@vacation.karoshi.com wrote
> a message of 49 lines which said:
>
> > A New Internet-Draft is available from the on-line Internet-Drafts
> > directories.
> >
> > Tit
On Thu, Feb 09, 2012 at 01:17:52PM -0800, Joe Abley wrote:
> Hi Bill,
>
> On 2012-02-06, at 14:12,
> wrote:
>
> > Thanks to Warren, Ed, John D., David C. and Kato-san for their
> > comments/corrections.
> > Any more?
>
> I see you added some text based on our conversation in sunny Christchu
On Mon, Feb 06, 2012 at 05:52:12PM -0500, Paul Hoffman wrote:
> On Feb 6, 2012, at 5:19 PM, bmann...@vacation.karoshi.com wrote:
>
> > First off, this is an RSSAC document so it is not clear why you think
> > someone from the root
> > opserator community should do the copy editing.
>
> There is
Hello Paul.
First off, this is an RSSAC document so it is not clear why you think someone
from the root
opserator community should do the copy editing.
> The paragraph at the end of section 1 (the "isn't really 2119 language" text)
> is quite cute and will cause you a world of pain and delay.
Thanks to Warren, Ed, John D., David C. and Kato-san for their
comments/corrections.
Any more?
/bill
From: internet-dra...@ietf.org
Date: Mon, 06 Feb 2012 09:01:00 -0800
Subject: I-D Action: draft-rssac-dnsop-rfc2870bis-04.txt
To: i-d-annou...@ietf.org
A New Internet-Draft is available fro
thanks! will fold in accordingly.
/bill
On Sun, Feb 05, 2012 at 07:40:49PM -0800, David Conrad wrote:
> Bill,
>
> Comments/nits/etc.
>
> Regards,
> -drc
>
> Last sentence of Abstract:
>
> "... zones may also find it useful."
>
> Might suggest "... zones may also find this document
will fold them in, thanks.
/bill
On Sun, Feb 05, 2012 at 11:34:06AM -0500, Warren Kumari wrote:
> Nits and notes:
>
> Abstract:
> O: The DNS is considered a crucial part of that technical infrastrcuture.
> P: The DNS is considered a crucial part of that technical infrastructure.
> C: s/infrast
thanks. will fold in your comments.
/bill
___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
The Root Server System Advisory Committee of ICANN has been working on a
revision to RFC 2870.
It is currently posted as:
A New Internet-Draft is available from the on-line Internet-Drafts directories.
Title : Root Name Server Operational Requirements
Author
On Thu, Jul 28, 2011 at 02:11:41PM -0400, Warren Kumari wrote:
>
> On Jul 27, 2011, at 10:08 PM, William F. Maton Sotomayor wrote:
>
> > On Tue, 26 Jul 2011, George Michaelson wrote:
> >
> >> I would support this latter approach William: I think we should seek WG
> >> adoption of three drafts
>
On Mon, Nov 22, 2010 at 09:58:02PM +, Paul Vixie wrote:
> > Date: Mon, 22 Nov 2010 20:36:17 +
> > From: bmann...@vacation.karoshi.com
> >
> > we tried this a couple time last decade with limited success. (pre
> > SRV). it would work, if and only if there were general agreement by
> > the
we tried this a couple time last decade with limited success.
(pre SRV). it would work, if and only if there were general
agreement by the zone admins to actually keep up w/ the data.
there was even an attempt to stuff rPKI data into the DNS (with
DNSSEC) and Tony Bates even wrote up an ID on th
On Thu, Nov 11, 2010 at 05:03:51AM -0500, Andrew Sullivan wrote:
> Hi all,
>
> The last discussion of signing ROOT-SERVERS.NET involved the arguments
> that there's no real value in signing the zone and that there is a
> non-zero cost to doing so.
>
> I agree with both of those arguments, but I w
On Mon, Oct 04, 2010 at 11:14:20AM -0400, Joe Abley wrote:
>
> On 2010-10-04, at 11:11, Eric Rescorla wrote:
>
> > Carefully specified, perhaps, but what you're saying here also makes me
> > think it was
> > also incorrectly specified, since, as I said, the technique I described is
> > well-kn
On Thu, Jul 08, 2010 at 11:39:33AM +0200, Olaf Kolkman wrote:
>
> I observe though that 4641 is mainly written from the perspective of a
> 'zone-owner' and that I am not quite sure where to give specific advice to
> administrators of recursive nameservers.
>
> So before text is drafted there is
thanks for this. :)
--bill
On Tue, Jun 29, 2010 at 03:19:54PM +0200, Matthijs Mekking wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> FYI,
>
> I have submitted this draft on the topic of automatic update of DS (and
> other records).
>
> Best regards,
>
> Matthijs Mekking
> NLn
On Thu, Jun 17, 2010 at 01:15:06PM +0200, Peter Koch wrote:
> (2) is covered in the IANA considerations section but while that section
> refers to a formal policy it does not offer guidance for review.
> We should capture the considerations from the most recent as well as
> previous dis
On Mon, Jun 14, 2010 at 07:51:14PM -0700, Paul Hoffman wrote:
> At 12:12 PM +1000 6/15/10, Mark Andrews wrote:
> >In message , Paul Hoffman writes:
> >> At 4:23 PM -0400 6/11/10, Derek Diget wrote:
> >> >Raising hand timidly
> >>
> >> In this group!? :-)
> >>
> >> >Instead of listing the zones
On Tue, Jun 08, 2010 at 02:52:01PM +1000, Mark Andrews wrote:
>
> The zones are consistant with RFC5735 and with operational practice.
>
> > So the question - how common do we expect /32 delegations to become in
> > futur
> > e?
>
> From IN-ADDR.ARPA or from some other zone to handle /25-/32 s
So ISC has allowed BIND to build with some default zones being created. I
think this
is - to coin a phrase - suboptimal and yet more code I have to rip out of the
BIND distro...
but that is not the point of this missive... :)
I will use two of the automatically created zones to illistrate a p
as the admin for ip6.int. the IPv6 wg declared that ip6.int
should be terminated on 6/6/06 - along with the 6bone. David
Conrad removed the delegation shortly there after, even though
there are still resolvers which look for that delegation instead
of the ip6.arpa zone - which functions as i
one might actually extrapolate here (and maybe look back a couple
decades) ... there used to be many different transports around -
and about the timethe DNS "gel'ed", most had become vestigal. We
are now in the evoultionary "fork in the road" when we have an
emergent, new transport that demands
On Wed, Mar 31, 2010 at 11:26:53PM -0700, Christopher Morrow wrote:
> On Wed, Mar 31, 2010 at 1:55 PM, Dan Wing wrote:
>
> > But Remi's point is that those same systems (running Windows XP
> > and IE6) using 6rd will be denied the ability to access content
> > via IPv6. Which removes an incentiv
On Wed, Mar 31, 2010 at 02:45:09PM -0700, Dan Wing wrote:
> > On Mar 31, 2010, at 3:19 PM, Dan Wing wrote:
> >
> > > Any host that sends its queries over IPv4 would lose
> > > IPv6 connectivity.
> >
> > Isn't this a misdirection?
> >
> > I suspect it's more like: any (address family agno
- Forwarded message from Fred Baker -
This is a structured question for the community.
Jari Arkko tells us that he is getting requests from various sources to take
RFC 5006 to Proposed Standard. It is now experimental.
http://www.ietf.org/rfc/rfc5006.txt
5006 IPv6 Router Advertisement
On Sun, Mar 07, 2010 at 01:43:36PM +, Jim Reid wrote:
> On 7 Mar 2010, at 12:37, bmann...@vacation.karoshi.com wrote:
>
> >ah come on Jim... folsk should sign their zones as soon
> >as they see fit, regardless of parental buy in.
>
> Bill, IMO there's not much point in signing root-servers.ne
ah come on Jim... folsk should sign their zones as soon
as they see fit, regardless of parental buy in. so the
one true root or even .net being signed doesnt really matter
if the root-servers.net zone gets signed tomorrow.
how useful it will be, who knows... not sure how the value
proposit
On Thu, Mar 04, 2010 at 08:11:13AM -0500, Edward Lewis wrote:
> At 4:30 + 3/4/10, bmann...@vacation.karoshi.com wrote:
>
> > I'd like to suggest monday - 1500-1700
>
> We can talk then, but the wheels were in motion to put it on
> Wednesday. The reason for that was the crowd coming for
> I'm on the verge of putting together a Bar BoF call on the IETF list.
> There have been two work items I wanted to cover - EPPbis and the
> issue of provisioning DS records.
re: registries not at the IETF... if there is some general idea
for collecting registry requirement
On Wed, Mar 03, 2010 at 11:28:36AM +0100, Jaap Akkerhuis wrote:
>
> Antoin says:
> So there's one more logical entity involved; most likely this way:
>
> jaap
> ___
did i miss something? Antoin sez that where?
--bill
__
On Wed, Mar 03, 2010 at 01:40:53PM +1300, Jay Daley wrote:
> > there is a problem w/ cut/paste ... surely we could do better than that?
>
> I'm sure we could and an automated update of DS records is a good idea. But
> my point is that in the absence of a similar automated mechanism for NS
>
On Tue, Mar 02, 2010 at 08:05:38PM +, Alex Bligh wrote:
> Ed,
>
> --On 2 March 2010 14:39:45 -0500 Edward Lewis wrote:
>
> >Telling someone one to change the name server from "ns1.example.tld." to
> >"newdns.example." or "127.0.10.2 to 192.0.2.3" is easier than saying
> >change something fro
>
> That I don't. Currently the registrant's DNS provider tells them "cut and
> paste this blob from here into the field marked 'nameservers' in your
> registrar's interface" and to that they will add "cut and paste this blob
> from here into the field marked 'DS record' in your registrar's in
On Tue, Mar 02, 2010 at 10:04:46AM +0100, Wolfgang Nagele wrote:
> Hi,
>
> > granted that this discussion is important and folks
> > interested in this might be at the IETF77, could we
> > either have a bof (formal) or a small lunch mtg
> > during the week of IETF77?
> >
> >
granted that this discussion is important and folks
interested in this might be at the IETF77, could we
either have a bof (formal) or a small lunch mtg
during the week of IETF77?
I'd be glad to attend.
--bill
On Fri, Feb 26, 2010 at 10:12:48AM +0100, Wo
On Tue, Feb 23, 2010 at 07:09:12AM -0800, Todd Glassey wrote:
> >
> As I have said, there is no difference between this and the Jim Crow
> actions which separated blacks from the white population in then US and
> the application of the concept of racially unfit parties as Trolls
> within the IET
On Sat, Jan 23, 2010 at 08:00:17PM -0500, Matt Larson wrote:
> On Fri, 22 Jan 2010, Paul Wouters wrote:
> > On Fri, 22 Jan 2010, Alex Bligh wrote:
> >> I meant computational resource requirements resultant from crypto
> >> operations, not algorithmic complexity.
> >
> > I had no problems doing this
thanks paul.
>
> That might be draft-hoffman-dnssec-ecdsa. I let it expire earlier this month
> because the DNSEXT WG is still not clear on the allowable statuses for crypto
> documents, but have today revived it based on your comment.
>
> If you don't consider this to be "a good dr
On Wed, Jan 13, 2010 at 09:53:16PM +, Jim Reid wrote:
> On 13 Jan 2010, at 21:35, Alex Bligh wrote:
>
> >You've eliminated TCP fallback for non-DNSSEC supporting clients.
>
> So add that to the list:
> [6] TCP (no EDNS0) if [5] fails.
>
dnssec is just the first extention to re
On Wed, Dec 23, 2009 at 01:46:58PM -0500, Paul Wouters wrote:
> On Wed, 23 Dec 2009, bmann...@vacation.karoshi.com wrote:
>
> >There has been some discussion of late about DNS MTU sizing and EDNS0
> >"fall-back".
> >I've found another "culprit" in the program DNSMASQ - distributed with
> >Fedora
There has been some discussion of late about DNS MTU sizing and EDNS0
"fall-back".
I've found another "culprit" in the program DNSMASQ - distributed with
FedoraCore 10
and later versions of RedHat.
to wit:
-P, --edns-packet-max=
Specify the largest EDNS.0 UDP packet which
Well - her name was attached to the article, so I didn't think
it was inappropriate to mention gender. And no, shes not the
first journalist to mangle words or misunderstand, or misrepresent.
--bill
On Wed, Nov 04, 2009 at 08:56:07PM +0100, Alfred Hvnes wrote:
> Bill Manning wrote:
>
> >
cool eh? although I suspect she ment responses.
--bill
On Wed, Nov 04, 2009 at 07:58:41PM +0100, Alfred Hvnes wrote:
> Interesting News!
>
> There must be a hidden trick to introduce DNS Jumbograms we just
> forgot to mention
>
>
> In a press article [1] entitled
> "Root z
On Wed, Nov 04, 2009 at 11:09:53AM -0800, Nicholas Weaver wrote:
> Question: Have people been able to estimate how large the signed root
> zone response will be?
>
> I'm assuming its below the magic 1500B level for standard queries. Is
> this correct?
>
> Oh, and one thing to watch out for:
On Wed, Oct 21, 2009 at 08:32:49AM +0100, ray.bel...@nominet.org.uk wrote:
> > Mark, I din't think this is true given how the proposed protocol
> > works. For a start, you often cannot fetch the DNSKEY RR for ARPA
> > before running the protocol.
>
> Indeed LOCAL.ARPA would need to be unsigned.
On Tue, Oct 20, 2009 at 07:38:19PM -0400, Joe Abley wrote:
>
> On 2009-10-20, at 19:29, Mark Andrews wrote:
>
> >>ARPA will soon be signed, so I don't think this is much to worry
> >>about. If the powers that be finally agree to make NXDOMAIN/NODATA
> >>synthesis the default in the upcoming mino
http://www.icann.org/en/committees/dns-root/root-scaling-study-report-31aug09-en.pdf
--bill
___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
a few of us actually did a little work in this area three or four years
ago - did working proof of concepts - and were promptly ignored.
(the claim was - this work was premature)
--bill
On Tue, Sep 08, 2009 at 01:23:51PM -0400, Edward Lewis wrote:
> At 13:13 -0400 9/8/09, Paul Wouters wrote:
>
On Mon, Aug 31, 2009 at 03:49:50PM +0530, venkatesh.bs wrote:
> Hi all,
> I have one query regarding DNS cache maintaince in dns stub resolver(DNS
> client Not server side cache maintainence), Whether DNS Cache should be
> based on per server address or based on FQDN only.
>
>
> >>1. Query
On Wed, Aug 26, 2009 at 07:44:43AM -0700, Todd Glassey wrote:
> Since the Internet is formally listed as a component of US Critical
> Infrastructure - I want to know the specific provisioning requirements
> for operating a root server. Anyone got a pointer to these?
>
> Todd Glassey
> __
On Tue, Aug 25, 2009 at 01:37:32PM -0400, Joe Abley wrote:
>
> On 25-Aug-2009, at 13:13, bmann...@vacation.karoshi.com wrote:
>
> >>If there's no practical motivation to roll keys, then let's not do
> >>it.
> >>Rolling keys is a pain.
> >>
> >>If there *is* a practical motivation to roll keys,
>
> If there's no practical motivation to roll keys, then let's not do it.
> Rolling keys is a pain.
>
> If there *is* a practical motivation to roll keys, then let's not
> infer any trust at all from old keys.
>
> Joe
please help me understand "practical motivation"?
--bill
_
class is not always IN.
--bill
On Tue, Jul 28, 2009 at 08:42:03AM +0530, venkatesh.bs wrote:
> Thanks olufur,
>
> Is anywhere in RFC they have mentioned about DNS cache can be based on
> FQDN, QUERY TYPE (we are ignoring the class as it is always INTERNET(IN)).
>
> Thanks & Regards,
> venka
On Tue, Jun 30, 2009 at 10:33:15AM -0400, Paul Wouters wrote:
> On Tue, 30 Jun 2009, Patrik Fdltstrvm wrote:
>
> >A.3. Have the registry remove DS implicitly if domain is transferred to
> >registrar that does NOT handle DNSSEC.
> >
> >My suggestion is that we look carefully on option A.3. This do
On Tue, May 19, 2009 at 02:38:01PM +0100, John Dickinson wrote:
> Sz sez...
> >
> >Please don't change this. Making finer distinctions in one document,
> >clearly defined, is one thing. But please don't try to change
> >terminology we're finally starting to get people to use; it's been
> >(and cont
On Tue, May 12, 2009 at 04:28:01PM -0400, Paul Wouters wrote:
> On Tue, 12 May 2009, Olafur Gudmundsson wrote:
>
> >>Section 3: "Priming can occur when the validating resolver starts, but a
> >>validating resolver SHOULD defer priming of individual trust anchors
> >>until each is first needed fo
On Thu, Apr 30, 2009 at 02:15:48PM +0800, madi wrote:
> Hi, Stephane.
>
> To give a countermeasure, the response from a recursive sever might as well
> be cached in form of both plaintext and ciphertext which is generated by the
> very recursive server. Thatbcursive server and authoritative nam
Yo Joe,
many moons back, it was pointed out to me by some cryto folks that
there is an
interesting relationship btwn key length and signature duration. One could
make the argument
that for persistent delegations, you might want to ensure longer length keys
and possibly
longer duration
locus of control. centralization of resource control.
lack of autonomy in an end-to-end system. trust anchor placement
is "just another brick in the wall" here. but i have now dragged out
my soapbox and i'm pretty sure this is not speakers corner...
so i'll shut up and go back in the w
On Thu, Apr 23, 2009 at 12:52:37PM -0400, Edward Lewis wrote:
> At 8:43 -0700 4/23/09, David Conrad wrote:
>
> >root servers). However the point is that you need to do the validation
> >someplace you can talk securely to. The easiest answer is to simply do the
> >validation on the same host.
> >
On Thu, Apr 23, 2009 at 06:32:38PM +0800, i),h?* wrote:
> Hi, folks.
>
> As we all know, DNSSEC provides origin authentication and integrity assurance
> services for DNS data exchanged between DNS resolver and name-sever, while
> DNSSEC fails to give a means by which the DNS queries or response
On Fri, Apr 10, 2009 at 04:19:03PM -0400, Edward Lewis wrote:
> At 13:04 -0700 4/10/09, SM wrote:
>
> >This message (
> >http://www.ops.ietf.org/lists/namedroppers/namedroppers.2005/msg00944.html
> >) and some other messages on the ietf-smtp mailing list could be
> >read as a lack of support fo
I really like the Shoup paper. But I've not seen too many implementations in
the wild. :)
--bill
On Tue, Mar 10, 2009 at 12:49:55PM -0400, Michael StJohns wrote:
> Hi Alfred -
>
> A better scheme for threshold signing for the root might be the Shoup paper:
> "Practical Threshold Signature
On Tue, Mar 10, 2009 at 10:27:21AM +0100, Stephane Bortzmeyer wrote:
> On Mon, Mar 09, 2009 at 01:04:42PM -0400,
> Andrew Sullivan wrote
> a message of 59 lines which said:
>
> > John's view is that the original "alphabetic restriction" in 1123
> > was indeed intended as a restriction,
>
> I
On Tue, Mar 10, 2009 at 12:55:51PM +1100, Mark Andrews wrote:
>
> In message , David Blacka
> wr
> ites:
> >
> > On Mar 9, 2009, at 5:35 PM, Mark Andrews wrote:
> > >
> > > On a related issue DS -> DNSKEY translations cannot be
> > > performed until the DNSKEY is published in the zone. The
On Tue, Mar 10, 2009 at 08:35:40AM +1100, Mark Andrews wrote:
>
> In message <200903091515.n29ffetp055...@stora.ogud.com>, Olafur Gudmundsson
> wri
> tes:
> > --===0733757033==
> > Content-Type: multipart/alternative;
> > boundary="=_777355448==.ALT"
> >
> > -
na... the ^B. is for the visually impared. the DNS can talk!
(and it does meet your "explict directionality" concern.)
actually, I have a fundamental disagreement w/ your logic. I think
that your general rule of "only add if proven to create no harm" or
infering "dangerous" - are on the sl
does this mean my chances for ^B. are nil? :)
--bill
On Sat, Mar 07, 2009 at 12:07:01PM +0100, Patrik Fdltstrvm wrote:
> On 6 mar 2009, at 21.54, Edward Lewis wrote:
>
> >And, from what I have heard, I believe "display issues" is at the
> >heart of the problem.
> >
> >I'm sure Patrik is ac
On Thu, Nov 20, 2008 at 12:14:45PM +0100, Florian Weimer wrote:
> I came across the following in some IPv6-related draft and thought I'd
> share it.
>
> |3.1. Using DNS to Learn IPv6 Prefix and Length
> |
> | In order for an IPv6 host to determine if a NAT64 is present on its
> | network, it
any KSK can be used as a TA. there is no way to know - unambigiously -
that any given KSK is not being used as a TA in some validator.
however, your assertion that at KSK should -never- be rolled unless
compromise is known or strongly suspected is -BAD- from an operational
and liklely from a
On Sun, Sep 28, 2008 at 09:14:38PM -0700, Paul Hoffman wrote:
> In the last paragraph of 3.1.1, change:
>These
>can include the registry of the parent zone or administrators of
>verifying resolvers that have the particular key configured as secure
>entry points.
> to:
>If there
On Fri, Aug 29, 2008 at 10:23:53AM +1000, Mark Andrews wrote:
>
> > > - The parent is already trusted with DNSSEC tools, since the parent is
> > > signing the parent's zone (including the DS record!)
> >
> > assuming facts not in evidence. there is active discussion
> > about having uns
On Thu, Aug 28, 2008 at 12:04:15AM -0400, Brian Dickson wrote:
>
> The DS may be provided by the operator of the subordinate zone, or built
> by the parent operator,
> most likely the latter.
thats an interesting premise.
why do you think this will be the case?
On Thu, Aug 28, 2008 at 12:56:09AM -0400, Brian Dickson wrote:
> [EMAIL PROTECTED] wrote:
> >On Thu, Aug 28, 2008 at 12:04:15AM -0400, Brian Dickson wrote:
> >
> >>The DS may be provided by the operator of the subordinate zone, or built
> >>by the parent operator,
> >>most likely the latter.
> >
>
> http://publicsuffix/learn/ has more info (and I've just checked in
> another update, which should be visible in the next day or so. There's a
> human in the update loop).
>
> Gerv
> ___
that URL does not resolve in the way you might
> > Mark made the claim that a local copy of the root would stop the
> > traffic, which is false. a local copy of the root simply diffuses
> > the traffic.
> >
> > the down sides to local copies of the root as seen from the
> > peanut gallery:
> >
> > ) coherence of the a
On Fri, Apr 04, 2008 at 07:37:31AM -0700, David Conrad wrote:
> On Apr 4, 2008, at 7:02 AM, Andrew Sullivan wrote:
> > On Fri, Apr 04, 2008 at 02:16:32PM +1100, Mark Andrews wrote:
> >>> er, it (the bogus ttraffic) still reaches the root.
> >>> just your copy of the root, not mine.
> >>Yep.
On Fri, Apr 04, 2008 at 09:05:25AM +1100, Mark Andrews wrote:
>
> There really is only one solution to preventing "bogus"
> traffic reaching the root servers and that is to run a local
> copy of the root zone.
er, it (the bogus ttraffic) still reaches the root.
j
still do... both
localhost.
1.0.0.127.in-addr.arpa.
::1.ip6.arpa. #
# yeah yeah... shoot me
--bill
On Thu, Apr 03, 2008 at 10:48:45AM -0400, Edward Lewis wrote:
> At 12:19 +0200 4/3/08, Antoin Verschuren wrote:
> >Hi,
> >
> >I may have missed this, but I'd like to h
On Tue, Apr 01, 2008 at 06:34:38AM +1100, Mark Andrews wrote:
>
> Multiple PTR records do not scale.
what does that mean Mark?
why does "Multiple A records" scale and not others?
is this a DNS protocol issue or an implementation artifact?
> Today we
I'm going to ask this question here too.. are we talking about the DNS
or are we talking about an applications use of data published in the DNS?
i see this draft in the context of the historical DNS ... it is a mapping
service, a name to an address AND an address to a name. the mapping service
perhaps your answer can be found in the first line of Barbaras
message. let me quote it:
"> On 4 February 2008, IANA will add records for the IPv6 addresses
> of the four root servers whose operators have requested it. "
for the four root servers whose operators have REQUESTED it.
(e
On Fri, Dec 07, 2007 at 01:39:33AM +, Lican Huang wrote:
> 2^128 addresses may be not used all. But I am doubtful of " A more
> realistic estimate of address usage would be 100 * earth's population. " .
> There are many public equipments with IP addresses in the future, may be in
> the st
On Thu, Dec 06, 2007 at 03:22:04PM +, Lican Huang wrote:
> My draft is about to handle possible problems when huge amount of domain
> names when Internet is in Ipv6 stage. Because of unlimited amount of Ipv6
> addresses, unlimited amount of hosts ( servers, PC, even mobile phones, e
On Wed, Dec 05, 2007 at 02:10:52AM +, Lican Huang wrote:
> If SEARCH outside DNS were full power, then DNS would disappear soon. And
> all DNS registrar companies would broken out.
perhaps you are right. at this point we don't have enough data.
> What is the difference between
On Tue, Dec 04, 2007 at 04:27:06AM +, Lican Huang wrote:
> When Ipv4 addresses will be Exhausted in the near future and the next
> generation Intenert( Ipv6) will take over, DNS names will also be exhausted
> soon with the increase of hosts and users. Lenny Foner has pointed
> other d
On Wed, Nov 28, 2007 at 05:28:47PM +0100, bert hubert wrote:
> On Wed, Nov 28, 2007 at 04:22:41PM +, [EMAIL PROTECTED] wrote:
> > > The increase in traffic might easily be due to more favourable
> > > connectivity
> > > to 'B', which would lead many resolver implementations to shift more
> >
On Wed, Nov 28, 2007 at 05:15:59PM +0100, bert hubert wrote:
> On Wed, Nov 28, 2007 at 04:07:59PM +, [EMAIL PROTECTED] wrote:
> > and perhaps more interesting, the old address for "B"
> > showed a tapering off of traffic and then an INCREASE
> > last year. Old L and J got their nu
On Wed, Nov 28, 2007 at 10:58:17AM -0500, Matt Larson wrote:
> On Wed, 28 Nov 2007, Peter Koch wrote:
> > On Tue, Nov 27, 2007 at 02:35:29PM -0800, John Crain wrote:
> >
> > > Currently about 60% New IP to 40% old IP... and rising slowly
> > >
> > > So clearly a lot of folks still need to up date
On Wed, Nov 28, 2007 at 08:15:51AM -0500, Joe Abley wrote:
>
> On 27-Nov-2007, at 10:23, Paul Vixie wrote:
>
> >[EMAIL PROTECTED] (Warren Kumari) writes:
> >
> >>... What do people think about setting up a legal entity called RSTOA
> >>that would then perform some very simple checks before handin
On Tue, Nov 27, 2007 at 01:03:59PM -0800, David Conrad wrote:
> Bill,
>
> > i have a zone, example.org and chose the following
> > nameservers:
> >
> > moe.rice.edu
> > ns.isi.edu
> > PDC.example.org
> >
> > as the admin of PDC.example.org, I know what IP addresses
> > are assigned and can chang
On Tue, Nov 27, 2007 at 04:19:50PM -0500, Edward Lewis wrote:
> At 8:57 PM + 11/27/07, [EMAIL PROTECTED] wrote:
>
> > as the admin of PDC.example.org ... however, it is
> > the Height of Arrogance to presume I can tell the rice.edu
> > or isi.edu people what IP addresses to use on
On Tue, Nov 27, 2007 at 02:05:55PM -0500, Edward Lewis wrote:
> At 6:25 PM + 11/27/07, [EMAIL PROTECTED] wrote:
>
> > then we have a small issue... you as zone admin, can't
> > dictate which IP's i must use on my machines, since you don't
> > control my connectivity. as zone admi
On Tue, Nov 27, 2007 at 01:18:04PM -0500, Edward Lewis wrote:
> At 5:59 PM + 11/27/07, [EMAIL PROTECTED] wrote:
>
> > so WHO is the "owner" of that IP data, the zone admin
> > for "example.org" or the machine admin for "ns1.example.org"?
>
> The zone admin for sure. It is the registr
> Note that in a registry, there's an ordering problem, too. Consider
> this case
>
> 1. Register example.org with some name servers.
>
> 2. Register ns1.example.org. It's not yet a name server, so you
> don't need an IP address, because no glue is strictly needed.
>
> 3. Update example
On Mon, Nov 26, 2007 at 01:26:00PM -0500, Warren Kumari wrote:
>
> On Nov 26, 2007, at 11:48 AM, Joe Abley wrote:
> >
> >
> >I don't have strong feelings about whether the "LOA in an RFC" idea
> >is plausible, or even good, but I thought I'd throw it out anyway.
> >If there was consensus that
I presume you have been using the tahi testsuite and are wanting
something -different-?
http://www.tahi.org/dns/
--bill
On Tue, Nov 13, 2007 at 11:27:31AM +0100, Patrik Wallstrom wrote:
> Hi,
>
> .SE is currently performing DNS tests of consumer broadband routers as
> we have had problems wi
1 - 100 of 109 matches
Mail list logo
