[DNSOP] DNS privacy and AS 112: the case of home.arpa

2017-12-11 Thread Stephane Bortzmeyer
During the discussions about draft-bortzmeyer-dname-root or about draft-wkumari-dnsop-internal, there have been many remarks about the risk for privacy if we delegate things to AS 112: unlike the root (or .arpa), AS 112 is managed by many different people we don't know and cannot know. So, leaked r

Re: [DNSOP] DNS privacy and AS 112: the case of home.arpa

2017-12-11 Thread Paul Vixie
Stephane Bortzmeyer wrote: ... Does it mean the privacy problem is solved? Or simply overlooked? Can we delegate RFC 6761 special-use domains such as .internal to AS 112? any AS112 operator can tell you that the world doesn't care about privacy, based on the amount of organizationally sensit

Re: [DNSOP] DNS privacy and AS 112: the case of home.arpa

2017-12-11 Thread Stephane Bortzmeyer
On Mon, Dec 11, 2017 at 01:10:20AM -0800, Paul Vixie wrote a message of 31 lines which said: > we have no way to assure that they hear a request that they add more > secondary DNS zones to such servers. so if we delegate more zones > that way, there will be a lot of SERVFAIL except for servers

Re: [DNSOP] DNS privacy and AS 112: the case of home.arpa

2017-12-11 Thread Paul Vixie
Stephane Bortzmeyer wrote: On Mon, Dec 11, 2017 at 01:10:20AM -0800, Paul Vixie wrote a message of 31 lines which said: we have no way to assure that they hear a request that they add more secondary DNS zones to such servers. so if we delegate more zones that way, there will be a lot of

[DNSOP] Please review in terminology-bis: QNAME

2017-12-11 Thread Paul Hoffman
Greetings again. Some of the new terms added to the terminology-bis draft (https://datatracker.ietf.org/doc/draft-ietf-dnsop-terminology-bis/) since RFC 7719 can expose what some (but not all) people perceive as lack of clarity in RFC 1034/1035. This week, we hope you will look at the definiti

Re: [DNSOP] DNS privacy and AS 112: the case of home.arpa

2017-12-11 Thread Joe Abley
Hi Stéphane, On 11 Dec 2017, at 04:18, Stephane Bortzmeyer wrote: > On Mon, Dec 11, 2017 at 01:10:20AM -0800, > Paul Vixie wrote > a message of 31 lines which said: > >> we have no way to assure that they hear a request that they add more >> secondary DNS zones to such servers. so if we deleg

Re: [DNSOP] DNS privacy and AS 112: the case of home.arpa

2017-12-11 Thread Mark Andrews
You don’t add the DNAME to the ARPA domain because it does not add the insecure delegation that is REQUIRED. You add the DNAME to the HOME.ARPA domain if you really want to redirect the traffic. For some reason IANA wants to make this more complicated than it needs to be. You don’t need to co

Re: [DNSOP] [Ext] Re: DNS privacy and AS 112: the case of home.arpa

2017-12-11 Thread Kim Davies
Hi Mark, Quoting Mark Andrews on Tuesday December 12, 2017: > > HOME.ARPA. SOA A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2017121101 > 1800 900 604800 86400 > HOME.ARPA. NS A.ROOT-SERVERS.NET. .. > HOME.ARPA. DNAME EMPTY.AS112.ARPA. It is unclear to me how this avoids having ro

Re: [DNSOP] [Ext] DNS privacy and AS 112: the case of home.arpa

2017-12-11 Thread Mark Andrews
Firstly they are HOME.ARPA servers. Just because they are the same physical servers it doesn’t mean that policy for the root zone content has to apply to other zones on that server. Maintaining that distinction is important. Secondly an otherwise empty zone on these servers will fulfil the re

Re: [DNSOP] DNS privacy and AS 112: the case of home.arpa

2017-12-11 Thread Ted Lemon
On Dec 11, 2017, at 11:17 AM, Joe Abley wrote: > Note though that the homenet document specifically requests a delegation. Please do not read more into the document than was intended. What Mark is saying looks to me like an accurate representation of what we intended. The goal is simply for

Re: [DNSOP] I-D Action: draft-ietf-dnsop-rfc5011-security-considerations-08.txt

2017-12-11 Thread Wes Hardaker
Michael StJohns writes: Hi Mike, Thanks for explaining your thinking because I think, after reading it: we're actually in agreement but using different terms for where to put in the slop you're worried about. Specifically: > A perfectly operating resolver with perfect clock and perfect > conne

Re: [DNSOP] I-D Action: draft-ietf-dnsop-rfc5011-security-considerations-08.txt

2017-12-11 Thread Michael StJohns
On 12/11/2017 8:03 PM, Wes Hardaker wrote: Michael StJohns writes: Hi Mike, Thanks for explaining your thinking because I think, after reading it: we're actually in agreement but using different terms for where to put in the slop you're worried about. Specifically: A perfectly operating res