Dear DNSOP,
I submitted draft-fujiwara-dnsop-fragment-attack-01.
https://tools.ietf.org/html/draft-fujiwara-dnsop-fragment-attack-01
It summarized DNS cache poisoning attacks using IP fragmentation
and countermeasures.
If the draft is of interest, I will request a timeslot at IETF 104.
I think
Bob Harold writes:
> Will the "resolution recheck timer" cause ttl's less than the timer
> to be effectively lengthened, by refusing to look them up again? I
> think 'serve-stale' should focus on the situation where the auth
> server is not available, and not change the handling of short ttl's.
>
On Mar 1, 2019, at 9:33 AM, Dave Lawrence wrote:
>
> Bob Harold writes:
>> Will the "resolution recheck timer" cause ttl's less than the timer
>> to be effectively lengthened, by refusing to look them up again? I
>> think 'serve-stale' should focus on the situation where the auth
>> server is no
Following up on my previous message:
The document is actively confusing about recommendations.
- Section 4 has the actual update to the RFC 1035, and that update contains MAY
and SHOULD statements.
- Section 5 is called "Example Method" but also contains recommendations.
- Section 6, "Implemen
Or one can use TSIG with a well known key to get a cryptographic hash of the
response. Below is how the servers for the Alexa top 1 Million handle
unexpected TSIG. It’s well under a day to add this to a recursive server that
supports TSIG already. It’s a couple of minutes of configuration
ti
Paul Hoffman writes:
> I'm not sure a standards track document that updates RFC 1034/1035
> should be recommending a minimum TTL.
As previously noted, we're making no such recommendation and that will
be clarified. The first definition of "resolution recheck timer" in
section 5 does already say
Dear Tim Wicinski,
The session(s) that you have requested have been scheduled.
Below is the scheduled session information followed by
the original request.
dnsop Session 1 (2:00 requested)
Tuesday, 26 March 2019, Afternoon Session I 1350-1550
Room Name: Congress Hall 2 size: 350
> On Mar 1, 2019, at 12:54 PM, Dave Lawrence wrote:
>
> Paul Hoffman writes:
>> I'm not sure a standards track document that updates RFC 1034/1035
>> should be recommending a minimum TTL.
>
> As previously noted, we're making no such recommendation and that will
> be clarified.
"Attempts
At Fri, 01 Mar 2019 21:14:48 +0900 (JST),
fujiw...@jprs.co.jp wrote:
> Dear DNSOP,
>
> I submitted draft-fujiwara-dnsop-fragment-attack-01.
>
> https://tools.ietf.org/html/draft-fujiwara-dnsop-fragment-attack-01
>
> It summarized DNS cache poisoning attacks using IP fragmentation
> and counterme
Mark Andrews wrote on 2019-03-01 12:00:
> Or one can use TSIG with a well known key to get a cryptographic hash
> of the response. ...
i prefer this approach. no matter how bad fragmentation was in V4 and no
matter how much worse it is in V6, we must not lock ourselves into
packets whose size is
Michał Kępień writes:
> zone "." {
>     type mirror;
> };
Cool feature, and thanks for adding it. It'll certainly make writing
LocalRoot config updates easier.
Questions though:
1) In this state, does it accept notifications for triggering zone
refreshing (which is one of the fea