Andrew Sullivan wrote:
>
> Joe Abley and I have just submitted a draft
> (https://datatracker.ietf.org/doc/draft-sullivan-dnsop-refer-down/)
> that is intended to capture the discussion here about referrals and
> how to describe them. It is intended for BCP, and it discourages
> upward referrals
Hi,
On Wed, Nov 29, 2017 at 11:16:28AM +, Tony Finch wrote:
>
> Regarding the definition of referrals from older RFCs, see my
> terminology review from May 2015:
> https://www.ietf.org/mail-archive/web/dnsop/current/msg14243.html
Yes, it's your review that has caused this issue :)
> I think
On Wed, Nov 29, 2017 at 01:14:13PM +1100, Mark Andrews wrote:
> When the CNAME refers to a name that is out of zone and the target zone is
> below
> a zone that the server serves you will have CNAME (DNAME) + referral.
>
> 4.3.2 loops.
This part I got.
> pass 1 -> 3a (adds CNAME, AA is
On Tue, Nov 28, 2017 at 07:08:01PM -0800, Paul Vixie wrote:
> that's fatally unclear.
So I gather :)
> then the thing to say would be "a referral should always be downward, and if
> a non-downward referral is received, it should be treated as a network data
> configuration error".
No, that is at
1034 cannot be reasonably read that way. I am asking for a clarification not a
rule change.
On November 29, 2017 8:21:01 PM GMT+08:00, Andrew Sullivan
wrote:
>On Tue, Nov 28, 2017 at 07:08:01PM -0800, Paul Vixie wrote:
>> that's fatally unclear.
>
>So I gather :)
>
>> then the thing to say wou
> On 29 Nov 2017, at 11:17 pm, Andrew Sullivan wrote:
>
> On Wed, Nov 29, 2017 at 01:14:13PM +1100, Mark Andrews wrote:
>> When the CNAME refers to a name that is out of zone and the target zone is
>> below
>> a zone that the server serves you will have CNAME (DNAME) + referral.
>>
>> 4.3.2 lo
On Wed, Nov 29, 2017 at 02:37:20AM +, Evan Hunt wrote:
>
> I think the phrasing is unclear because "this response is not required to
> work" is ambiguous. The response *itself* doesn't have to work? Or the
> resolver can get along without this response? I took it to mean the
> latter, but I
On Wed, Nov 29, 2017 at 12:23:36PM +, P Vix wrote:
> 1034 cannot be reasonably read that way.
Sure it can. See the discussion in draft-sullivan-dnsop-refer-down
and on the list not two weeks ago for how. I think it should _not_ be
read that way, but an honest reader could read it that way, a
Andrew Sullivan wrote:
>
> I'm not totally convinced, but I can certainly see the argument. If
> we added to the text I proposed something like, "Many people use the
> unqualified term 'referral' to mean only a downward referral," would
> that help?
Well, I would say, s/many people/Paul Mockapet
No, sir. Closer means downward. Nobody believes otherwise. Not even you, or
Joe. The only person ever to get it wrong was me, and I have recanted. Please
do not write anything that blurs or softens the clear language of
downwards-ness in 1034. If you can't keep the clear spirit and intent of the
> On Nov 16, 2017, at 3:23 AM, tjw ietf wrote:
>
> This starts a Call for Adoption for draft-huston-kskroll-sentinel
I support the document and will review and provide comments.
Matt
___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman
On Wed, Nov 29, 2017 at 01:55:29PM +, P Vix wrote:
> Please do not write anything that blurs or softens the clear language of
> downwards-ness in 1034. If you can't keep the clear spirit and intent of the
> existing document then please write nothing at all.
>
I don't believe 1034 is anywher
Andrew Sullivan wrote:
> But I shall not include a change to the definition of referrals such
> that upward referrals are defined away. They exist, today, all over the
> Internet, and it would be extremely foolish lexicography to attempt to
> hide that.
Upward referrals exist, but bare "referra
On 29 Nov 2017, at 7:06, Tony Finch wrote:
> Andrew Sullivan wrote:
>
>> But I shall not include a change to the definition of referrals such
>> that upward referrals are defined away. They exist, today, all over the
>> Internet, and it would be extremely foolish lexicography to attempt to
>> hi
On Wed, Nov 29, 2017 at 03:06:02PM +, Tony Finch wrote:
> Upward referrals exist, but bare "referral" is short for "downward
> referral". Other things that look like referrals (such as upward
> referrals or implicit referrals) have to have a qualifier.
+1
--
Evan Hunt -- e...@isc.org
Interne
On Wed, Nov 29, 2017 at 07:25:53AM -0500, Andrew Sullivan wrote:
> How about, "This kind of response is not required for resolution or
> for correctly answering any query, and in practice some authoritative
> server operators will not return referral responses beyond those
> required for delegation
On 29 November 2017 at 12:17, Andrew Sullivan
wrote:
> On Wed, Nov 29, 2017 at 01:14:13PM +1100, Mark Andrews wrote:
> > When the CNAME refers to a name that is out of zone and the target zone
> is below
> > a zone that the server serves you will have CNAME (DNAME) + referral.
> >
> > 4.3.2 loops
On Wed, Nov 29, 2017 at 09:18:39PM +, Dick Franks wrote:
>
> And said referral could be to an arbitrary node in the DNS tree, i.e.
> possibly "upward"?
>
> Or am I missing something?
That depends on whether you believe the later part of the algorithm in
RFC 1034 (where it says to do things
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Domain Name System Operations WG of the IETF.
Title : Security Considerations for RFC5011 Publishers
Authors : Wes Hardaker
Michael StJohns writes:
> Ok - after thinking about it, it turns out to be fairly simple.
Thanks for the math and text. Based on your text, I've added (back) the
section on safetyMargin. Can you check the -08 version to see if I
mis-spoke you at all? Note that I added a few more lines and rou
On 29 November 2017 at 21:23, Andrew Sullivan
wrote:
> On Wed, Nov 29, 2017 at 09:18:39PM +, Dick Franks wrote:
> >
> > And said referral could be to an arbitrary node in the DNS tree, i.e.
> > possibly "upward"?
> >
> > Or am I missing something?
>
> That depends on whether you believe the
internet-dra...@ietf.org writes:
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories. This draft is a work item of the Domain Name System
> Operations WG of the IETF.
FYI, this contains the restructuring talked about during IETF100/dnsop
as well the new safetyMargi
> On 29 Nov 2017, at 21:18, Dick Franks wrote:
>> On 29 November 2017 at 12:17, Andrew Sullivan
>> wrote:
>>
>> Right, and the authoritative server can't proceed, but the referral is
>> necessary. Good, this is helpful, thanks. This also means, of
>> course, that in such a response the answe
On 29 November 2017 at 23:13, Tony Finch wrote:
>
>
> On 29 Nov 2017, at 21:18, Dick Franks wrote:
>
> On 29 November 2017 at 12:17, Andrew Sullivan
> wrote:
>>
>>
>> Right, and the authoritative server can't proceed, but the referral is
>> necessary. Good, this is helpful, thanks. This also
> On 29 Nov 2017, at 23:13, Tony Finch wrote:
> ... you get an implicit referral from the cache (which can be upwards).
I just realised this might be a useful point.
Normal (downward) referrals come from authoritative data, and indicate the
server is saying to the client, you need to ask here
On Wed, Nov 29, 2017 at 11:34:12PM +, Tony Finch wrote:
>
> Normal (downward) referrals come from authoritative data, and indicate the
> server is saying to the client, you need to ask here next; on the other hand
> these special kinds of referrals come from the cache. An implicit referral
andrew, et al, i see that the discussion continued overnight (i'm here
in beijing) and i hope you can reach a consensus on the matter. here's
my input to the terminology of referrals.
---
According to RFC 1034 section 4.3.2 step 3 substep B, a referral
"happens when we encounter a node with N
27 matches
Mail list logo
