On 05. 11. 18 19:30, Tony Finch wrote:
> Mukund Sivaraman wrote:
>> On Fri, Nov 02, 2018 at 02:30:15PM -0400, Viktor Dukhovni wrote:
>>>
>>> To move DNSSEC adoption higher, CDS/CDNSKEY/... need to be supported
>>> by most registries and the signing and key rollover tooling needs
>>> to become le
On Thu, 29 Nov 2018, Petr Špaček wrote:
I'm wondering if we could add NXDOMAIN mandatory check and accept
INTERNAL_DNSSEC_TA only if "external DNS server" resolves given name to
NXDOMAIN.
You cannot do that. Imagine .company being run locally and publicly.
They might still be different zones.
On Thu, 29 Nov 2018, Ted Lemon wrote:
On Thu, Nov 29, 2018 at 12:31 AM Paul Wouters wrote:
How could the use case be more constrained without breaking functionality?
I discussed this in detail in several previous posts, e.g.:
https://mailarchive.ietf.org/arch/msg/dnsop/97xk8Zm1NGpyadZ
Paul Wouters writes:
> On Tue, 27 Nov 2018, Petr Špaček wrote:
>
>>> MB 7 a mailbox domain name (EXPERIMENTAL) [RFC1035] MG
>>> 8 a mail group member (EXPERIMENTAL) [RFC1035] MR 9 a
>>> mail rename domain name (EXPERIMENTAL) [RFC1035]
>>
>>
>> Is there any *tec
Paul, I think it is a bit much to accuse me of wanting a pony here.
Suppose you have a company that has a subdomain that's internal (this is
the case where they control the delegation). The way you make this work
is that you publish a signed delegation to the internal zone. When you
look thing
Separately, on the topic of provisioning, the right answer here is to just
say that the whitelist is installed with the provisioning profile, and not
recommend a UI flow. It's the recommendation for the UI flow that I'm
objecting to. This is a bad security practice that is slowly falling into
d
On Fri, 30 Nov 2018, Ted Lemon wrote:
Suppose you have a company that has a subdomain that's internal (this is the
case where they control the delegation). The way you make this work is that
you publish a signed delegation to the internal
zone.
That means your public DNS zone must be signe
On Fri, 30 Nov 2018, Ted Lemon wrote:
Separately, on the topic of provisioning, the right answer here is to just say
that the whitelist is installed with the provisioning profile, and not
recommend a UI flow. It's the recommendation for the UI
flow that I'm objecting to.
There is no "recom
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Domain Name System Operations WG of the IETF.
Title : C-DNS: A DNS Packet Capture Format
Authors : John Dickinson
Jim Hague
Hi All,
We’ve published an updated version of the draft that we hope addresses all the
points raised in the reviews apart from describing the new IANA requirements
for allocating/extending the various fields (and a couple of idnits). We are
working on a version to include that and hope to pub
Alexey Melnikov has entered the following ballot position for
draft-ietf-dnsop-dns-capture-format-09: No Objection
When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)
Pleas
11 matches
Mail list logo
