Re: [DNSOP] 2 internet drafts relevant to DNSOP

2012-03-14 Thread Joseph Gersch
Paul,

   thanks for your comments and support.  We will definitely reference RFC 
draft 1101 in our next version.

- Joe and Dan


On Mar 10, 2012, at 9:28 AM, paul vixie wrote:

 joe, et al,
 
 your draft-gersch-dnsop-revdns-cidr-01 is very clean and simple; the
 draft and the design are of admirable quality. as a co-author of RFC
 2317 i agree that it does not suit the needs of bgp security since it
 seeks only to provide a method of fully naming hosts, not networks.
 
 importantly, i see no reference to RFC 1101 in your draft. RFC 1101
 describes a way to name networks, and while at first it did not seem to
 be compatible with CIDR, implementation (in netstat -r back in BSD/OS
 3.1) showed that RFC 1101 was in fact not as classful as it appeared.
 
 i recommend a review of these functions, contained in the file dns_nw.c,
 present in bind8 as src/lib/irs/dns_nw.c, and also present in older
 versions of bind9, as well as various versions of netbsd and athena.
 
 static struct nwent *   get1101byaddr(struct irs_nw *, u_char *, int);
 static struct nwent *   get1101byname(struct irs_nw *, const char *);
 static struct nwent *   get1101answer(struct irs_nw *,
  u_char *ansbuf, int anslen,
  enum by_what by_what,
  int af, const char *name,
  const u_char *addr, int addrlen);
 static struct nwent *   get1101mask(struct irs_nw *this, struct nwent *);
 static int  make1101inaddr(const u_char *, int, char *, int);
 
 you may find that some of your work has already been done for you, or,
 you may find that this is related work that should be referenced in your
 draft along with the reasons why your proposed method is necessary.
 
 paul

Joseph Gersch
Chief Operating Officer
Secure64 Software Corporation



___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop


Re: [DNSOP] 2 internet drafts relevant to DNSOP

2012-03-10 Thread paul vixie
joe, et al,

your draft-gersch-dnsop-revdns-cidr-01 is very clean and simple; the
draft and the design are of admirable quality. as a co-author of RFC
2317 i agree that it does not suit the needs of bgp security since it
seeks only to provide a method of fully naming hosts, not networks.

importantly, i see no reference to RFC 1101 in your draft. RFC 1101
describes a way to name networks, and while at first it did not seem to
be compatible with CIDR, implementation (in netstat -r back in BSD/OS
3.1) showed that RFC 1101 was in fact not as classful as it appeared.

i recommend a review of these functions, contained in the file dns_nw.c,
present in bind8 as src/lib/irs/dns_nw.c, and also present in older
versions of bind9, as well as various versions of netbsd and athena.

static struct nwent *   get1101byaddr(struct irs_nw *, u_char *, int);
static struct nwent *   get1101byname(struct irs_nw *, const char *);
static struct nwent *   get1101answer(struct irs_nw *,
  u_char *ansbuf, int anslen,
  enum by_what by_what,
  int af, const char *name,
  const u_char *addr, int addrlen);
static struct nwent *   get1101mask(struct irs_nw *this, struct nwent *);
static int  make1101inaddr(const u_char *, int, char *, int);

you may find that some of your work has already been done for you, or,
you may find that this is related work that should be referenced in your
draft along with the reasons why your proposed method is necessary.

paul


[DNSOP] 2 internet drafts relevant to DNSOP

2012-03-08 Thread Joseph Gersch
DNSOP members,

   We have recently submitted two internet drafts for review at the Paris IETF 
meeting.  

   The first document, draft-gersch-dnsop-revdns-cidr-01, describes a 
reverse-DNS naming method to specify CIDR address blocks.  We will be 
presenting this proposal, its motivation and its purpose at the DNSOP session 
on Friday, March 30.

  The second document, draft-gersch-grow-revdns-bgp-00, was also submitted.  
It describes two new DNS record types that can be used to specify BGP route 
origins in the reverse DNS.  It uses the domain naming method described 
earlier.   We will be presenting this at the GROW session on Friday, March 30, 
and possibly at the SIDR session on Wednesday, March 28 as well.

  Although one of the drafts was submitted to GROW, the documents propose a DNS 
naming convention and new DNS record types that could benefit from the expert 
review by the members in DNSEXT and DNSOP.  We encourage you to review these 
internet drafts and to submit comments to the DNSOP mailing list.  

  If you want to know more about the use of the names and record types, a live 
testbed is available at the web site rover.secure64.com.  This web site 
contains various documents and slide sets explaining the BGP publishing and 
verification methods, as well as the testbed itself with over 390,000 routes 
published in an in-addr.arpa shadow zone.  You can submit your own BGP data 
into the shadow zones if you wish.   The web site also lets you perform queries 
to verify the origin authenticity of a BGP announcement.
If anyone wants a demo of the testbed during the IETF week, we will be happy to 
show how it works; or you can simply create an account and try it out for 
yourself at any time.

 Thanks,

Joseph Gersch
Dan Massey
Eric Osterweil
Lixia Zhang