Re: [DNSOP] Use of CNAMEs for NS Records

2022-08-23 Thread Grant Taylor
On 8/23/22 7:00 AM, Tobias Fiebig wrote: Context: I am currently dealing with academic reviewers claiming that not using CNAMEs for NS is, quote, "[...] by the spec, [..] true, [but] also commonly ignored in practice. Obeying the speed limit is "[...] by the spec, [...] true, [but] also commo

Re: [DNSOP] should all ccTLD be on the Public Suffix list?

2023-07-18 Thread Grant Taylor
On 7/18/23 7:42 PM, George Michaelson wrote: I know, I could submit these to the PSL website directly. I am asking a meta question: do we think that operationally, if a PSL exists, that all ccTLD and TLD should be on it? I'm of mixed opinion. I see the value in having ccTLDs and TLDs on the P

Re: [DNSOP] Is DNSSEC a Best Current Practice?

2022-03-10 Thread Grant Taylor
Hi, +10 to aggregating current documentation into one place. On 3/10/22 12:04 PM, Paul Wouters wrote: Even better if we would clarify DNSSEC is not an optional part of DNS, but I don’t think you are volunteering for that discussion 😀 Eh ... I'm more interested in aggregating current documenta

Re: [DNSOP] Is DNSSEC a Best Current Practice?

2022-03-10 Thread Grant Taylor
On 3/10/22 1:16 PM, Colm MacCárthaigh wrote: I think a single BCP doc is a good idea, but here I'd actually go much further and argue for a significant section in the BCP that acknowledges that it is also a best current practice not to enable DNSSEC. That is objectively the most common practice

Re: [DNSOP] RFC2317 Question: Resolving cname delegation

2017-08-24 Thread Grant Taylor
On 08/24/2017 09:46 AM, Hector Santos wrote: Not expecting this in my DNS resolver code, I modified the resolver to take the CNAMEs into account and return the host names instead. Was this the correct thing to do, thus providing the same results regardless of the query location? This is one

Re: [DNSOP] RFC2317 Question: Resolving cname delegation

2017-08-26 Thread Grant Taylor
On 08/26/2017 12:23 PM, Hector Santos wrote: This was done, at least the first part of providing the ISP the two NS servers required. They used RFC2317 to set up the cname delegation. On my servers, I had done what you suggested with the second method using a parent c.b.a.in-addr.arpa zone

Re: [DNSOP] howto "internal"

2018-07-24 Thread Grant Taylor
On 07/24/2018 09:08 AM, Petr Špaček wrote: I would recommend you to use subdomain of your public domain. Agreed. The alternative might be to use a different public domain. Nice thing is that this approach doesn't require: - views - forwarding - explicit trust anchor (if you want DNSSEC insid

Re: [DNSOP] howto "internal"

2018-07-24 Thread Grant Taylor
Paul, On 07/24/2018 10:10 AM, Paul Vixie wrote: i also use real domains for my private stuff. but i also use RPZ locally for the internal bindings, Do you leverage anything like Dynamic DNS updates in conjunction with DHCP? If so, how well does that play with the configuration that you're u

Re: [DNSOP] howto "internal"

2018-07-25 Thread Grant Taylor
On 07/25/2018 05:18 AM, Tony Finch wrote: I recommend having an empty public view of your private zone, so that external queries succeed with NXDOMAIN / NODATA. ACK. What is your opinion on blindly grafting the sub-domain onto the parent zone without proper delegation. I.e. internal DNS serv

Re: [DNSOP] RFC7720 and AXFR

2018-10-28 Thread Grant Taylor
On 10/28/2018 10:44 AM, Evan Hunt wrote: As a relatively new consideration, root zone local mirroring (RFC 7706) depends on at least a subset of root servers being able to provide the zone via AXFR. Does root zone local mirroring require that the zone comes from the lettered root servers them

Re: [DNSOP] Delegation into the interior of a zone?

2018-12-27 Thread Grant Taylor
On 12/27/18 1:29 PM, John R Levine wrote: He thinks $GENERATE confuses people. No, $GENERATE is not why he, *I*, prefer to use NS over CNAME delegation. I listed out multiple (2 ~ 3) manually as an example instead of using $GENERATE purely to simplify the example. I've run across many people

Re: [DNSOP] Delegation into the interior of a zone?

2018-12-27 Thread Grant Taylor
On 12/27/18 12:59 PM, Paul Vixie wrote: in RFC 2317 we do this with CNAME not NS. did the proponent explain why CNAME wasn't suitable for her purposes? Vaguely. I personally find CNAMEs to sub-domains to be suboptimal for various reasons. I have coached MANY (too many?) people through RFC

Re: [DNSOP] Delegation into the interior of a zone?

2018-12-28 Thread Grant Taylor
On 12/28/18 3:27 PM, John Levine wrote: I'd think it depends whether invalid delegations bother them, like if, say, ns1.example.com might not be running BIND. You seem to be conflating the two independent issues at hand: 1) Use of RFC 2317's CNAME technique vs the NS technique I'm advocating

Re: [DNSOP] the root is not special, everybody please stop obsessing over it

2019-02-14 Thread Grant Taylor
On 2/14/19 6:51 PM, Paul Vixie wrote: i want the metadata i need to reach and trust assets on my side of any connectivity loss event, to be kept in warm storage, and made subject to trusted invalidation on an opportunistic basis, at the discretion of the authority operators who own the data i h

Re: [DNSOP] simple question

2015-11-14 Thread Grant Taylor
On 11/13/2015 09:55 AM, A. Schulze wrote: consider a nameserver ns.example.com serving example.com. There is a delegation from com. including glue. Now we add a childzone sub.example.com. served by the same nameserver ns.example.com. should I add an entry in example.com to delegate the subzone to