On 11/24/15, 16:24, "Wessels, Duane" wrote:
>I'd put it slightly differently. I'd say it is most useful for
>"configured
>trust anchors" whether they're updated with RFC 5011, or not. By
>"configured
>trust anchor" I mean the trust anchor material that exists outside the
>name server process,
On 24 Nov 2015, at 21:40, Patrik Fältström wrote:
I have read this draft and have a number of comments. I can not say
these are the only ones, but at least some :-)
This is only the beginning of the conversation, so: yes. :-)
The dominant protocol for name resolution on the Internet is the
> On Nov 25, 2015, at 6:33 AM, Edward Lewis wrote:
>
> In an effort to simplify and streamline this (for reasons I'll include
> later), what about telling a querier to only send this option when it is
> sending a query to an IP address that is authoritative for the DNSKEY set?
For the recursive
All
In case this did not end up in your mailbox, the ICANN Technical Liaison
Group (TLG) is relevant to our interests. I think there are many
competent people in DNSOP (including the current liaisons Warren Kumari
and Paul Wouters) who could add value.
thanks
tim
Forwarded Mess
On 11/25/15, 13:05, "Wessels, Duane" wrote:
>Can you say more about how limited you think it should be? Never?
(Probably) as much as possible. I can't see the benefit of telling a
third party this. (First party being the validator/querier, second party
being the authority of the trust anchor
Greetings -
As of Nov. 22 Neustar UltraDNS has completed the rollout of the latest
resolver which addresses the NSEC3 authenticated denial of existence
issues.
Thanks to Viktor for assisting in the testing and verification of the fix.
-Steve
On 8/11/15, 10:20 PM, "DNSOP on behalf of Viktor Dukh
> On Nov 25, 2015, at 12:17 PM, Edward Lewis wrote:
>
> On 11/25/15, 13:05, "Wessels, Duane" wrote:
>
>> Can you say more about how limited you think it should be? Never?
>
> (Probably) as much as possible. I can't see the benefit of telling a
> third party this. (First party being the val
On 12/11/2015 18:58, IETF Secretariat wrote:
>
> The DNSOP WG has placed draft-andrews-dns-no-response-issue in state
> Candidate for WG Adoption (entered by Tim Wicinski)
I support adoption of this draft, and will review it.
Ray
[ObDisclaimer - the author is a colleague].
_
I support the general concept (responsive servers are often better netizens)
and will review the draft, so I support this draft for WG adoption.
Roy
> On 12 Nov 2015, at 18:58, IETF Secretariat
> wrote:
>
>
> The DNSOP WG has placed draft-andrews-dns-no-response-issue in state
> Candidate f
Testing for things like a successful resolution to _25._tcp.example.com.
IN TLSA is something registries / registrars should be doing. If
you deploy servers that are incapable of answering the query then
that becomes potential grounds for removal of the delegation.
Whether you have or don't have
RFC7230 Section 2.7.1 says this about hostnames in HTTP URLs:
"""
If host is a registered name, the registered name is an indirect identifier for
use with a name resolution service, such as DNS, to find an address for that
origin server.
"""
... which builds on how RFC3986 Section 3.2.2 talks
11 matches
Mail list logo
