One question/caveat:
What would the practical impact be, if the TTL on the SOA were the same as
the default negative caching TTL (for the NXDOMAIN)?
I think it would be slightly less sniffy, to have the NXDOMAIN and the
synthesized SOA both disappear at the same time.
IIRC, the TTL would then ne
Good point, indirectly referencing RFC 2308 (I always seem to forget about
that one).
So, other than SOA TTL going into the draft, I think it's all good, and
please ignore everything else I said (e.g. 900).
Brian
On 2/22/13 11:43 AM, "Joe Abley" wrote:
>
>On 2013-02-2
On 2/22/13 2:27 PM, "Warren Kumari" wrote:
>
>(If folk feel sufficiently strongly we *could* even strip a label off, so
>that the synthesized SOA is not the same as the NXD. *This* feel really
>hacks, but putting it out there...)
Uh, definitely not. The whole point is you don't know from where
On 2/25/13 7:29 PM, "Tony Finch" wrote:
>Dickson, Brian wrote:
>>
>> However, there is another UGLY, EVIL way that might achieve what you're
>> thinking of:
>>
>> Instead of delegating to omniscient AS112 servers, what about doing a
>> DNA
Ed Lewis wrote:
And to make this work really well, we have to figure out how I'd get a DS
record for an unpublished DNSKEY into a zone like .NL (Antoin's - well, not his
personally) that wants keys to work on, not DS records. To hark back to Wes, I
don't have answer for that, I don't want to p
On 7/3/13 4:04 AM, "Jaap Akkerhuis" wrote:
>
>
>I'm still trying to figure out how I could tell whether prefetch
>makes things better or worse, since the main thing I've learned
>from the few DNS cache simulations I've done is that intuition is
>not a good guide.
>
>The net effect
On 7/8/13 2:28 PM, "Patrik Fältström" wrote:
>I have also had a look at this document which I in general do believe is
>sound, although there are a few events I would like to have described in
>the document. Reason for this is that I see it being really important
>that it is implemented the sam
On 7/8/13 9:39 PM, "Andrew Sullivan" wrote:
>On Mon, Jul 08, 2013 at 06:49:53PM +0000, Dickson, Brian wrote:
>>
>> Thoughts?
>
>My immediate thought is, "What problem is this trying to solve?"
Automating NS changes on the parent side, via child-sign
Have you looked at integrating NTP code (and an internal "clock") into the
Unbound running on the OpenWrt routers?
(If you want something done right, sometimes you have to do it yourself, and
all that.)
Even if the clock on this hardware is not all that great, is there any
functionality which c
On 9/12/13 7:24 AM, "Theodore Ts'o" wrote:
>On Wed, Sep 11, 2013 at 03:38:21PM -0400, Phillip Hallam-Baker wrote:
>> > I disagree. DNSSEC is not just DNS: its the only available,
>>deployed, and
>> > (mostly) accessible global PKI currently in existence which also
>>includes a
>> > constrained p
On 9/12/13 2:07 PM, "Ted Lemon" wrote:
>On Sep 12, 2013, at 1:49 PM, "Dickson, Brian"
>wrote:
>> In order to subvert or redirect a delegation, the TLD operator (or
>> registrar) would need to change the DNS server name/IP, and replace the
>>DS
>>
On 10/2/13 10:24 PM, "Paul Wouters" wrote:
>On Wed, 2 Oct 2013, Warren Kumari wrote:
>
>> Anyway, we have finally rev'ed the CDS draft, and have (I think)
>>arrived at a compromise that will be acceptable to both views (DS vs
>>DNSKEY).
>>
>> The 50'000ft[0] view is that the record is now a sel
+1 (to everything said by Joe).
Support adoption/last-call/publication.
Brian
On 10/21/13 12:09 PM, "Joe Abley" wrote:
>
>On 2013-10-21, at 11:29, Tim Wicinski wrote:
>
>> This starts a Call for Adoption for draft-andrews-dnsop-rfc6598-rfc6303.
>>
>> The draft is available here:
>>https://dat
(Sorry for tweaking the subject line - mailer problems related to magic
words)
On 5/28/14, 12:15 PM, "Evan Hunt" wrote:
>
>> So not to put too fine a point on it, but where is the use case for this
>> proposal? It seems like something that is more of someone's cool hack
>> than a standard peop
14 matches
Mail list logo
