Hello dnsop,
while implementing DNSSEC validation into Fedora/RHEL distributions we face
problems with debugging SERVFAILs seen by stub resolvers because different
causes of SERVFAILs are indistinguishable.
Even in cases where we have access to server logs (e.g. because the validating
resolver ru
Hello,
On 2015-02-11 15:18, Petr Spacek wrote:
while implementing DNSSEC validation into Fedora/RHEL distributions we
face
problems with debugging SERVFAILs seen by stub resolvers because
different
causes of SERVFAILs are indistinguishable.
...
Wild idea: Could it be solved by adding more inf
Hi Petr,
This has been discussed in the past a few times and died as people could not
agree on what the format of the record was going to be, if it was going to be
useful for human or computers
etc.
The first idea was probably presented in 1987 by Robert Watson and myself
https://tools.ietf
On Wed, Feb 11, 2015 at 03:44:31PM +0100, Pier Carlo Chiodi wrote:
> >Wild idea: Could it be solved by adding more information to SERVFAIL
> >answer?
>
> a draft was proposed with this very topic, but it's expired now:
>
> https://datatracker.ietf.org/doc/draft-hunt-dns-server-diagnostics/
I'
Hello dnsop,
draft-ietf-dnsop-dnssec-roadblock-avoidance is a nice idea in general but
current version of "Roadblock Avoidance", section 5, version 01 has a
significant drawback:
Else if the resolver is labeled "Not a DNS Resolver" or
"Non-DNSSEC capable"
Mark it as u
On 11.2.2015 17:08, Evan Hunt wrote:
> On Wed, Feb 11, 2015 at 03:44:31PM +0100, Pier Carlo Chiodi wrote:
>>> Wild idea: Could it be solved by adding more information to SERVFAIL
>>> answer?
>>
>> a draft was proposed with this very topic, but it's expired now:
>>
>> https://datatracker.ietf.org
On Wed, Feb 11, 2015 at 05:36:22PM +0100, Petr Spacek wrote:
> In other words, I do not think we can prevent people from doing crazy things
> just by obscuring format of diagnostics data. I'm sure somebody will try to
> parse free-form string 'signature expired 1 week ago' and do some decisions
> f
Hi all,
Warren and I have prepared draft-wkumari-dnsop-alt-tld-04. We'd
appreciate feedback. If there isn't any, maybe that's a sign that we
could just publish it and thereby create a special TLD in which people
could set up their various special use special names? This would be
tidier than hav
the concerns in my mind divide up into politics and technology.
The politics response is really simple: "this idea is doomed." -I wish I
felt otherwise, but I think given the context of the debate over ICANN, who
'owns' names, $180,000 application fees, IAB directions to IANA, NTIA role,
this is m
On 24Dec14, Mark Delany allegedly wrote:
> > The draft is available here:
> > http://datatracker.ietf.org/doc/draft-vandergaast-dnsop-edns-client-subnet/
>
> a) 6.2 - Intent of SCOPE NETMASK
>
> "In both cases, the value of the SCOPE NETMASK in the reply has strong
> implications with regard
we've got two agencies who do DNS, and probably have > 20% worldwide
eyeball share in DNS (I don't know, thats a guesstimate) now doing
edns0_client_subnet albiet with whitelist, so its a permit-list, but its
functionally 'there'
we've got running code in bind. and no doubt other product.
wouldn'
11 matches
Mail list logo
