Yes, I concur, and good catch Ondrej. The authors will use IP addresses from the example/documentation prefixes in the next revision of the draft.
Shumon. On Mon, Jul 22, 2024 at 2:07 PM Ondřej Surý <[email protected]> wrote: > This is a nit, but an important one. The draft uses IP addresses that > are not from the EXAMPLE-NET (and friends). Also I would suggest > to use example IPv6 addresses (AAAA) in the draft instead of the > Legacy IP addresses (A) (e.g. RFC 3849). > > Please don't do that, 100.1.1.1 belongs to Verizon Business and > 200.1.1.1 is Corporacion Andina de Fomento. > > Thanks, > Ondrej > -- > Ondřej Surý (He/Him) > [email protected] > > My working hours and your working hours may be different. Please do not > feel obligated to reply outside your normal working hours. > > > On 2. 7. 2024, at 23:47, Davey Song <[email protected]> wrote: > > > > Hi folks, > > > > I noticed the momentum on DNS load balancing and NS selection topics. > Our co-authors have just compiled a draft summarizing the research findings > and best practices in this field, and made some recommendations for > developers on secure and robust NS selection algorithms. Comments are > welcome. > > > > Davey > > ---------- Forwarded message --------- > > From: <[email protected]> > > Date: Wed, Jul 3, 2024 at 2:19 PM > > Subject: I-D Action: draft-zhang-dnsop-ns-selection-00.txt > > To: <[email protected]> > > > > > > Internet-Draft draft-zhang-dnsop-ns-selection-00.txt is now available. > > > > Title: Secure Nameserver Selection Algorithm for DNS Resolvers > > Authors: Fenglu Zhang > > Baojun Liu > > Linjian Song > > Shumon Huque > > Name: draft-zhang-dnsop-ns-selection-00.txt > > Pages: 18 > > Dates: 2024-07-02 > > > > Abstract: > > > > Nameserver selection algorithms employed by DNS resolvers are not > > currently standardized in the DNS protocol, and this has lead to > > variation in the methods being used by implementations in the field. > > Recent research has shown that some of these implementations suffer > > from significant security vulnerabilities. This document provides an > > in-depth analysis of nameserver selection utilized by mainstream DNS > > software and summarizes uncovered vulnerabilities. Furthermore, it > > provides recommendations to defend against these security and > > availability risks. Designers and operators of recursive resolvers > > can adopt these recommendations to improve the security and stability > > of the DNS. > > > > The IETF datatracker status page for this Internet-Draft is: > > https://datatracker.ietf.org/doc/draft-zhang-dnsop-ns-selection/ > > > > There is also an HTMLized version available at: > > https://datatracker.ietf.org/doc/html/draft-zhang-dnsop-ns-selection-00 > > > > Internet-Drafts are also available by rsync at: > > rsync.ietf.org::internet-drafts > > > > > > _______________________________________________ > > I-D-Announce mailing list -- [email protected] > > To unsubscribe send an email to [email protected] > > _______________________________________________ > > DNSOP mailing list -- [email protected] > > To unsubscribe send an email to [email protected] > >
_______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
