Re: [DNSOP] I-D Action: draft-ietf-dnsop-dns-error-reporting-00.txt

2021-10-26 Thread Vladimír Čunát
On 26/10/2021 12.10, Roy Arends wrote: I have a slide ready to discuss the issue that DNS Query Name Minimization brings… A minimised query can’t be distinguished from a full query, so it may not be clear what name caused an issue. The current thinking (but will be discussed later today) is to

Re: [DNSOP] I-D Action: draft-ietf-dnsop-dns-error-reporting-00.txt

2021-10-26 Thread Roy Arends
Hi Petr, > On 26 Oct 2021, at 11:02, Petr Špaček wrote: > > On 26. 10. 21 11:14, Vladimír Čunát wrote: >> Hello. >>> DNS Error reporting SHOULD be done using DNS Query Name Minimization >>> [RFC7816 ] to improve >>> privacy. >> It's just a detail

Re: [DNSOP] I-D Action: draft-ietf-dnsop-dns-error-reporting-00.txt

2021-10-26 Thread Vladimír Čunát
On 26/10/2021 12.02, Petr Špaček wrote: We need to consider & document interaction between Query Name Minimization and NXDOMAIN processing as per RFC 8020. If minimization & RFC 8020 are on default then it might very easily happen that most of _er subtrees (which are presumably empty) will be c

Re: [DNSOP] I-D Action: draft-ietf-dnsop-dns-error-reporting-00.txt

2021-10-26 Thread Roy Arends
> On 26 Oct 2021, at 10:14, Vladimír Čunát wrote: > > Hello. > > >> DNS Error reporting SHOULD be done using DNS Query Name Minimization >> [RFC7816 ] to improve privacy. > > It's just a detail and "SHOULD" isn't strong, but I expect it might be

Re: [DNSOP] I-D Action: draft-ietf-dnsop-dns-error-reporting-00.txt

2021-10-26 Thread Petr Špaček
On 26. 10. 21 11:14, Vladimír Čunát wrote: Hello. DNS Error reporting SHOULD be done using DNS Query Name Minimization [RFC7816 ] to improve privacy. It's just a detail and "SHOULD" isn't strong, but I expect it might be worth elaborating here.

Re: [DNSOP] I-D Action: draft-ietf-dnsop-dns-error-reporting-00.txt

2021-10-26 Thread Vladimír Čunát
Hello. DNS Error reporting SHOULD be done using DNS Query Name Minimization [RFC7816 ] to improve privacy. It's just a detail and "SHOULD" isn't strong, but I expect it might be worth elaborating here.  The name used in the reporting query adds

Re: [DNSOP] I-D Action: draft-ietf-dnsop-dns-error-reporting-00.txt

2021-10-26 Thread Matthijs Mekking
Hi, On 26-10-2021 01:56, Roy Arends wrote: On 20 Oct 2021, at 14:14, libor.peltan wrote: Hi all, although for me, as an implementer of an auth server, it's not too important, I'd like to ask for clarification regarding the foreseen reporting domain(s) setup in the (usual) case of many secon

Re: [DNSOP] I-D Action: draft-ietf-dnsop-dns-error-reporting-00.txt

2021-10-25 Thread Roy Arends
> On 20 Oct 2021, at 14:14, libor.peltan wrote: > > Hi all, > > although for me, as an implementer of an auth server, it's not too important, > I'd like to ask for clarification regarding the foreseen reporting domain(s) > setup in the (usual) case of many secondary auth servers. > > The dra

Re: [DNSOP] I-D Action: draft-ietf-dnsop-dns-error-reporting-00.txt

2021-10-20 Thread libor.peltan
Hi all, although for me, as an implementer of an auth server, it's not too important, I'd like to ask for clarification regarding the foreseen reporting domain(s) setup in the (usual) case of many secondary auth servers. The draft says: "Each authoritative server SHOULD be configured with a