Re: [DNSOP] Compact DoE sentinel choice

2023-08-14 Thread Viktor Dukhovni
On Mon, Aug 07, 2023 at 08:51:36PM -0400, Shumon Huque wrote:
> Paging this thread back in after a break ...
>
> > For ENTs, there is no inconsistency, the nameserver can return a signed
> > answer with an empty RDATA for the ENTHERE (TBD) rtype.
> >
> > ; QUESTION:
> > ent.example. IN EN

Re: [DNSOP] Compact DoE sentinel choice

2023-08-07 Thread Shumon Huque
Paging this thread back in after a break ...

On Tue, Jul 25, 2023 at 8:07 PM Viktor Dukhovni wrote:
> On Tue, Jul 25, 2023 at 03:39:01PM -0700, Shumon Huque wrote:
>
> > Viktor - your original suggestion was to only define the ENT sentinel
> > instead of NXNAME. How would that solve the problem

Re: [DNSOP] Compact DoE sentinel choice

2023-07-27 Thread Viktor Dukhovni
On Tue, Jul 25, 2023 at 03:39:01PM -0700, Shumon Huque wrote:
> Viktor - your original suggestion was to only define the ENT sentinel
> instead of NXNAME. How would that solve the problem of systems and
> applications needing to precisely obtain the NXDOMAIN signal. Resolvers
> won't then be able

Re: [DNSOP] Compact DoE sentinel choice

2023-07-27 Thread Brian Dickson
On Thu, Jul 27, 2023 at 2:49 PM Brian Dickson wrote:
>
> On Tue, Jul 25, 2023 at 10:59 PM Viktor Dukhovni wrote:
>
>> On Tue, Jul 25, 2023 at 08:19:21PM -0700, Brian Dickson wrote:
>>
>> > At the name that does not exist, generate and sign (on the fly) a CNAME
>> > record with RDATA of somet

Re: [DNSOP] Compact DoE sentinel choice

2023-07-27 Thread Brian Dickson
On Tue, Jul 25, 2023 at 10:59 PM Viktor Dukhovni wrote:
> On Tue, Jul 25, 2023 at 08:19:21PM -0700, Brian Dickson wrote:
>
> > At the name that does not exist, generate and sign (on the fly) a CNAME
> > record with RDATA of something like "nxname.empty.as112.arpa" (or something
> > functionally

Re: [DNSOP] Compact DoE sentinel choice

2023-07-25 Thread Paul Vixie
on "mollify". Viktor Dukhovni wrote on 2023-07-25 22:59: On Tue, Jul 25, 2023 at 08:19:21PM -0700, Brian Dickson wrote: At the name that does not exist, generate and sign (on the fly) a CNAME record with RDATA of something like "nxname.empty.as112.arpa" (or something functionally equivalent).

Re: [DNSOP] Compact DoE sentinel choice

2023-07-25 Thread Viktor Dukhovni
On Tue, Jul 25, 2023 at 08:19:21PM -0700, Brian Dickson wrote:
> At the name that does not exist, generate and sign (on the fly) a CNAME
> record with RDATA of something like "nxname.empty.as112.arpa" (or something
> functionally equivalent).

Sadly, this reports that the CNAME *target* does not e

Re: [DNSOP] Compact DoE sentinel choice

2023-07-25 Thread Brian Dickson
On Tue, Jul 25, 2023 at 3:39 PM Shumon Huque wrote:
> On Tue, Jul 25, 2023 at 11:28 AM Viktor Dukhovni wrote:
>
>> On Tue, Jul 25, 2023 at 10:43:25AM -0700, Shumon Huque wrote:
>>
>> > Ok, yes, I understand now, thanks. An NXNAME ignorant validator
>> > will treat a response to a query for the

Re: [DNSOP] Compact DoE sentinel choice

2023-07-25 Thread Viktor Dukhovni
On Tue, Jul 25, 2023 at 03:39:01PM -0700, Shumon Huque wrote:
> Viktor - your original suggestion was to only define the ENT sentinel
> instead of NXNAME. How would that solve the problem of systems and
> applications needing to precisely obtain the NXDOMAIN signal. Resolvers
> won't then be able

Re: [DNSOP] Compact DoE sentinel choice

2023-07-25 Thread Shumon Huque
On Tue, Jul 25, 2023 at 11:28 AM Viktor Dukhovni wrote:
> On Tue, Jul 25, 2023 at 10:43:25AM -0700, Shumon Huque wrote:
>
> > Ok, yes, I understand now, thanks. An NXNAME ignorant validator
> > will treat a response to a query for the NXNAME type specifically
> > as bogus, and could spray a bunch

Re: [DNSOP] Compact DoE sentinel choice

2023-07-25 Thread Viktor Dukhovni
On Tue, Jul 25, 2023 at 10:43:25AM -0700, Shumon Huque wrote:
> Ok, yes, I understand now, thanks. An NXNAME ignorant validator
> will treat a response to a query for the NXNAME type specifically
> as bogus, and could spray a bunch of follow-on queries to other
> servers for the zone before giving

Re: [DNSOP] Compact DoE sentinel choice

2023-07-25 Thread Shumon Huque
On Tue, Jul 25, 2023 at 8:42 AM Viktor Dukhovni wrote:
> On Tue, Jul 25, 2023 at 07:35:41AM -0700, Shumon Huque wrote:
>
> > > 2. That said, there are multiple ways to *distinguish* ENT vs. NXDOMAIN
> > > responses:
> > >
> > >     a. Sentinel RTYPE for NXDOMAIN with just NSEC + RRSIG

Re: [DNSOP] Compact DoE sentinel choice

2023-07-25 Thread Viktor Dukhovni
On Tue, Jul 25, 2023 at 07:35:41AM -0700, Shumon Huque wrote:
> > 2. That said, there are multiple ways to *distinguish* ENT vs. NXDOMAIN
> > responses:
> >
> >     a. Sentinel RTYPE for NXDOMAIN with just NSEC + RRSIG for ENT.
> >     b. Sentinel RTYPE for ENT with just NSEC + RRSI

Re: [DNSOP] Compact DoE sentinel choice

2023-07-25 Thread Shumon Huque
On Mon, Jul 24, 2023 at 1:55 PM Viktor Dukhovni wrote:
> In today's session we had some discussion of the choice of sentinel
> RTYPEs for ENTs vs. NXDOMAIN.
>
> There isn't much in the meeting to cover the fine details of various
> alternatives, so I hope a followup message will make my comments

Re: [DNSOP] Compact DoE sentinel choice

2023-07-25 Thread Viktor Dukhovni
On Mon, Jul 24, 2023 at 07:08:29PM -0700, Brian Dickson wrote:
> I believe there are three potential query/answer things that on-line
> signers want to compactly respond to:
>
>    1. Name exists, other types exist, queried type does not exist
>    2. Name exists, no types exist (ENT), queried ty

Re: [DNSOP] Compact DoE sentinel choice

2023-07-24 Thread Brian Dickson
On Mon, Jul 24, 2023 at 1:55 PM Viktor Dukhovni wrote:
> In today's session we had some discussion of the choice of sentinel
> RTYPEs for ENTs vs. NXDOMAIN.
>
> There isn't much in the meeting to cover the fine details of various
> alternatives, so I hope a followup message will make my comments

[DNSOP] Compact DoE sentinel choice

2023-07-24 Thread Viktor Dukhovni
In today's session we had some discussion of the choice of sentinel RTYPEs for ENTs vs. NXDOMAIN.

There isn't much in the meeting to cover the fine details of various alternatives, so I hope a followup message will make my comments more clear.

1. I am all in favour of distinguishing NXDOMAIN fro