Re: [DNSOP] I-D Action: draft-ietf-dnsop-dns-error-reporting-03.txt
Hi Roy, Thank you for the explanation. Hopefully there will software that does the translation to other reporting tools soon after the Draft is accepted. eduardo_sign Best regards, Aviso de Confidencialidade/Disclaimer: Este e-mail foi escrito de acordo com o novo acordo ortográfico. Esta mensagem é exclusivamente destinada ao seu destinatário, podendo conter informação CONFIDENCIAL, cuja divulgação está expressamente vedada nos termos da lei. Caso tenha recepcionado indevidamente esta mensagem, solicitamos-lhe que nos comunique esse mesmo facto por esta via devendo apagar o seu conteúdo de imediato. This message is intended exclusively for its addressee. It may contain CONFIDENTIAL information protected by law. If this message has been received by error, please notify us via e-mail and delete it immediately. [ Antes de imprimir esta mensagem pense no ambiente. Before printing this message, think about environment ] Às 13:38 de 26/10/22, Roy Arends escreveu: On 26 Oct 2022, at 11:05, Eduardo Duarte wrote: Hi all, I'm not active in the WG but some one point out this draft during last week DNS-OARC meeting and I have a question for the Authors. So from my understanding after reading the Draft all the reporting is done over DNS itself. Did the Authors think of adding other reporting mechanisms like REST+JSON or even email? I'm bringing this up because I think it will be easier to integrate the error reporting to other monitoring tools in this way instead of reading the log file from a Reporting Agent. Hi Eduardo, First off, thanks for reading it and commenting on it. All input is greatly appreciated! The simplest method available, that included facilities to dampen the amount of reports (such as caching) and reducing the additional complexity in validating resolvers, was using the DNS. All of the additional complexity, such as REST+JSON, email etcetera can be added to the reporting agent, where all reports come in over DNS, and subsequently more audited, in-depth, aggregated, curated and even human readable reports can go out via various APIs, protocols, transports, etc. Hope this helps. Roy ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] I-D Action: draft-ietf-dnsop-dns-error-reporting-03.txt
> On 26 Oct 2022, at 11:05, Eduardo Duarte > wrote: > > Hi all, > > I'm not active in the WG but some one point out this draft during last week > DNS-OARC meeting and I have a question for the Authors. > So from my understanding after reading the Draft all the reporting is done > over DNS itself. Did the Authors think of adding other reporting mechanisms > like REST+JSON or even email? > I'm bringing this up because I think it will be easier to integrate the error > reporting to other monitoring tools in this way instead of reading the log > file from a Reporting Agent. Hi Eduardo, First off, thanks for reading it and commenting on it. All input is greatly appreciated! The simplest method available, that included facilities to dampen the amount of reports (such as caching) and reducing the additional complexity in validating resolvers, was using the DNS. All of the additional complexity, such as REST+JSON, email etcetera can be added to the reporting agent, where all reports come in over DNS, and subsequently more audited, in-depth, aggregated, curated and even human readable reports can go out via various APIs, protocols, transports, etc. Hope this helps. Roy ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] I-D Action: draft-ietf-dnsop-dns-error-reporting-03.txt
Hi all, I'm not active in the WG but some one point out this draft during last week DNS-OARC meeting and I have a question for the Authors. So from my understanding after reading the Draft all the reporting is done over DNS itself. Did the Authors think of adding other reporting mechanisms like REST+JSON or even email? I'm bringing this up because I think it will be easier to integrate the error reporting to other monitoring tools in this way instead of reading the log file from a Reporting Agent. eduardo_sign Thank you and best regards, Aviso de Confidencialidade/Disclaimer: Este e-mail foi escrito de acordo com o novo acordo ortográfico. Esta mensagem é exclusivamente destinada ao seu destinatário, podendo conter informação CONFIDENCIAL, cuja divulgação está expressamente vedada nos termos da lei. Caso tenha recepcionado indevidamente esta mensagem, solicitamos-lhe que nos comunique esse mesmo facto por esta via devendo apagar o seu conteúdo de imediato. This message is intended exclusively for its addressee. It may contain CONFIDENTIAL information protected by law. If this message has been received by error, please notify us via e-mail and delete it immediately. [ Antes de imprimir esta mensagem pense no ambiente. Before printing this message, think about environment ] Às 14:50 de 24/10/22, internet-dra...@ietf.org escreveu: A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Domain Name System Operations WG of the IETF. Title : DNS Error Reporting Authors : Roy Arends Matt Larson Filename: draft-ietf-dnsop-dns-error-reporting-03.txt Pages : 10 Date: 2022-10-24 Abstract: DNS Error Reporting is a lightweight error reporting mechanism that provides the operator of an authoritative server with reports on DNS resource records that fail to resolve or validate, that a Domain Owner or DNS Hosting organization can use to improve domain hosting. The reports are based on Extended DNS Errors [RFC8914]. When a domain name fails to resolve or validate due to a misconfiguration or an attack, the operator of the authoritative server may be unaware of this. To mitigate this lack of feedback, this document describes a method for a validating recursive resolver to automatically signal an error to an agent specified by the authoritative server. DNS Error Reporting uses the DNS to report errors. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dnsop-dns-error-reporting/ There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-dns-error-reporting-03 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dnsop-dns-error-reporting-03 Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
[DNSOP] I-D Action: draft-ietf-dnsop-dns-error-reporting-03.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Domain Name System Operations WG of the IETF. Title : DNS Error Reporting Authors : Roy Arends Matt Larson Filename: draft-ietf-dnsop-dns-error-reporting-03.txt Pages : 10 Date: 2022-10-24 Abstract: DNS Error Reporting is a lightweight error reporting mechanism that provides the operator of an authoritative server with reports on DNS resource records that fail to resolve or validate, that a Domain Owner or DNS Hosting organization can use to improve domain hosting. The reports are based on Extended DNS Errors [RFC8914]. When a domain name fails to resolve or validate due to a misconfiguration or an attack, the operator of the authoritative server may be unaware of this. To mitigate this lack of feedback, this document describes a method for a validating recursive resolver to automatically signal an error to an agent specified by the authoritative server. DNS Error Reporting uses the DNS to report errors. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dnsop-dns-error-reporting/ There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-dns-error-reporting-03 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-dnsop-dns-error-reporting-03 Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
