Re: [DNSOP] fragile dnssec, was Fwd: New Version

2017-08-17 Thread Petr Špaček
On 17.8.2017 01:09, John Levine wrote: > In article <20170816071920.ba2c98287...@rock.dv.isc.org> you write: >>> A colleague says "If TLDs allowed UPDATE messages to be processed most >>> of the issues with DNSSEC would go away. At the moment we have a whole >>> series of kludges because people a

Re: [DNSOP] fragile dnssec, was Fwd: New Version

2017-08-17 Thread Matthew Pounsett
On 16 August 2017 at 19:09, John Levine wrote: > In article <20170816071920.ba2c98287...@rock.dv.isc.org> you write: > >> A colleague says "If TLDs allowed UPDATE messages to be processed most > >> of the issues with DNSSEC would go away. At the moment we have a whole > >> series of kludges becau

Re: [DNSOP] opportunistic refresh and Happy Eyeballs

2017-08-17 Thread Petr Špaček
On 16.8.2017 23:59, Warren Kumari wrote: > On Wed, Aug 16, 2017 at 4:05 AM, Ralf Weber wrote: >> Moin! >> >> On 16 Aug 2017, at 2:44, Warren Kumari wrote: If it's a commonly-used name, I suspect the more straightforward "prefetching" should suffice in practice: https://datatracker

Re: [DNSOP] fragile dnssec, was Fwd: New Version

2017-08-17 Thread John R Levine
Have a look at: https://datatracker.ietf.org/doc/draft-ietf-regext-dnsoperator-to-rrr-protocol/ I've talked to Jacques about it, will try it when I have a chance. I only have two .CA domains so it's not a very high priority at this point. I agree that at this point it's the most promising app

Re: [DNSOP] New Version Notification for draft-pan-dnsop-swild-rr-type-00.txt

2017-08-17 Thread Ted Lemon
On 17 Aug 2017, at 0:09, Lanlan Pan wrote: > We can use SWILD to optimize it, not need to detecting, just remove items > which SWILD marked, to save cost. So, can you talk about how your proposal saves cost over using a heuristic? > 2) cache miss > All of temporary subdomain wildcards w

Re: [DNSOP] fragile dnssec, was Fwd: New Version

2017-08-17 Thread John R Levine
On Thu, 17 Aug 2017, Mark Andrews wrote: Or you can have credentials to allow the hoster to update the DS records alone. Of course, but that's independent of how you present the updates to the registry or registrar. Regards, John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY

Re: [DNSOP] Status of "let localhost be localhost"?

2017-08-17 Thread John Levine
In article you write: >2. I know I don't have enough expertise in this area to make an informed >decision, and smart folks on this thread and elsewhere have told me that an >insecure delegation would be better than status-quo. I added >https://tools.ietf.org/html/draft-west-let-localhost-be-loca

Re: [DNSOP] New Version Notification for draft-pan-dnsop-swild-rr-type-00.txt

2017-08-17 Thread Ralf Weber
Moin! On 17 Aug 2017, at 0:09, Lanlan Pan wrote: > Yes, I agree, in fact the *online cache rate* is small (0.12% queries), LRU > & TTL works fine. > SWILD not save many online cache size, because of the queries rate. > And Temporary Domain Names/ All Names: 41.7% for 7 days statistics, the > rate

Re: [DNSOP] opportunistic refresh and Happy Eyeballs

2017-08-17 Thread Brian Wellington
> On Aug 15, 2017, at 2:25 PM, Paul Vixie wrote: > > > > Viktor Dukhovni wrote: >> On Tue, Aug 15, 2017 at 10:28:15AM -0700, Paul Vixie wrote: >> ... >>> >>> We can specify that be sent as additional data for QTYPE=A, and >>> that A be sent as additional data when QTYPE=. >>> >>> gi

Re: [DNSOP] opportunistic refresh and Happy Eyeballs

2017-08-17 Thread Vladimír Čunát
On 08/15/2017 01:27 PM, Jared Mauch wrote: >> On Aug 15, 2017, at 3:25 AM, Mikael Abrahamsson wrote: >> >> What is the opinion of this wg on that topic? > There has been much discussion about doing away with any/255 and I seem to > recall some discussion of a ANYA type which would return and

[DNSOP] dnsop@ietf.org

2017-08-17 Thread Vernon Schryver
> From: Paul Vixie > there will in my model be only one resolver, and while it may or may not > be trusted to tell the truth, it may or may not also be trusted to tell > a useful lie. that is, truth has value, and some lies also have value, > for example an RPZ answer of NXDOMAIN when the qname i

[DNSOP] Localhost - more reliable options?

2017-08-17 Thread Brian Dickson
The discussions about localhost (and 127.0.0.1 and ::1) have been very enlightening. However, I wonder whether the desired use case -- reliably establishing a connection to a host, based on information in DNS -- might be more securely/reliably solved using other mechanisms? Using "localhost" is ba

Re: [DNSOP] fragile dnssec, was Fwd: New Version

2017-08-17 Thread Mark Andrews
In message , "John R Levine" writes: > On Thu, 17 Aug 2017, Mark Andrews wrote: > > Or you can have credentials to allow the hoster to update the DS > > records alone. > > Of course, but that's independent of how you present the updates to the > registry or registrar. Yet, you chose to attempt

Re: [DNSOP] Status of "let localhost be localhost"?

2017-08-17 Thread Mark Andrews
In message <20170817150106.5492.qm...@ary.lan>, "John Levine" writes: > In article m> you write: > >2. I know I don't have enough expertise in this area to make an informed > >decision, and smart folks on this thread and elsewhere have told me that an > >insecure delegation would be better than

Re: [DNSOP] fragile dnssec, was Fwd: New Version

2017-08-17 Thread John R Levine
On Fri, 18 Aug 2017, Mark Andrews wrote: Or you can have credentials to allow the hoster to update the DS records alone. Of course, but that's independent of how you present the updates to the registry or registrar. Yet, you chose to attempt to shoot down the proposal based on the premise tha

Re: [DNSOP] Status of "let localhost be localhost"?

2017-08-17 Thread John R Levine
On Fri, 18 Aug 2017, Mark Andrews wrote: Insecure NOERROR NODATA for A and are fine. Secure NOERROR NODATA for DS is what is needed. If you believe that's important (I don't) the stubs and caches can special case that, too, of course. Regards, John Levine, jo...@taugh.com, Taughannock

Re: [DNSOP] Localhost - more reliable options?

2017-08-17 Thread Ted Lemon
On 17 Aug 2017, at 18:22, Brian Dickson wrote: > Sorry if this isn't as clear as I intended - basically, what I'm saying, is > that the answer might not even be an IP, protocol and port, but might even be > a "file:/// " URI, for a named pipe, which avoids the whole IP > stack. It's h

Re: [DNSOP] fragile dnssec, was Fwd: New Version

2017-08-17 Thread Mark Andrews
In message , "John R Levine" writes: > On Fri, 18 Aug 2017, Mark Andrews wrote: > >>> Or you can have credentials to allow the hoster to update the DS > >>> records alone. > >> > >> Of course, but that's independent of how you present the updates to the > >> registry or registrar. > > > > Yet, yo

Re: [DNSOP] Localhost - more reliable options?

2017-08-17 Thread Brian Dickson
On Thu, Aug 17, 2017 at 6:28 PM, Ted Lemon wrote: > On 17 Aug 2017, at 18:22, Brian Dickson > wrote: > > Sorry if this isn't as clear as I intended - basically, what I'm saying, > is that the answer might not even be an IP, protocol and port, but might > even be a "file:///" URI, for a n

Re: [DNSOP] Localhost - more reliable options?

2017-08-17 Thread Ted Lemon
On 17 Aug 2017, at 21:54, Brian Dickson wrote: > If you're trying to use "localhost", that means you're using some kind of > name resolution, whether it be DNS, /etc/hosts, NIS+, or anything else. > I'm suggesting that by using DNS, you can take advantage of what DNS has to > offer, whi

Re: [DNSOP] updating fragile dnssec, was Fwd: New Version

2017-08-17 Thread John R Levine
On Fri, 18 Aug 2017, Mark Andrews wrote: And the proposal was for registrars to process them except in the case where the registry and registrar are the same entity. The only thing the registry needs to run is a forwarding agent which looks at the name of the zone to be updated (sanity checking

Re: [DNSOP] Localhost - more reliable options?

2017-08-17 Thread Brian Dickson
Sent from my iPhone > On Aug 17, 2017, at 7:20 PM, Ted Lemon wrote: > > On 17 Aug 2017, at 21:54, Brian Dickson > wrote: >> If you're trying to use "localhost", that means you're using some kind of >> name resolution, whether it be DNS, /etc/hosts, NIS+, or anything else. >> I'm sug

Re: [DNSOP] updating fragile dnssec, was Fwd: New Version

2017-08-17 Thread Patrik Fältström
On 18 Aug 2017, at 4:39, John R Levine wrote: > Some do it one way, some do it the other, and the registrars and registries > I've talked to feel very strongly about whichever way they do it. Correct, and that is why my only strong view is that both mechanisms can be implemented by the solution