Re: [DNSOP] [Ext] on private use TLDS: .interNAL -> .LAN

2024-03-06 Thread S Moonesamy

Hi Toerless,

At 10:53 AM 27-02-2024, Toerless Eckert wrote:
> I don't think ICANN are the authoritative experts to define how to best operate
> private DNS zones, especially not modifications to configs if not source code
> to automatically filter out DNS requests for that zone to avoid the overload of
> public DNS servers with requests for it - something which ICANN is suggesting is
> what .internal can achieve. And which I think it may not be able to achieve unless
> appropriate operational recommendations exist and are applied. And if I was a DNS
> operator, I would hope IETF would provide those recommendations.


The IETF angle is that there is a Standards Track memo which 
specified what to do when special handling of a DNS label is required.


Regards,
S. Moonesamy 


___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop


Re: [DNSOP] [Editorial Errata Reported] RFC9520 (7838)

2024-03-06 Thread Wessels, Duane
This errata seems to be valid. I have no idea why the DOI reference changed, 
but it appears to have changed since it was added to the document in 
November/December last year.

DW


> On Mar 5, 2024, at 9:02 PM, RFC Errata System wrote:
> 
> The following errata report has been submitted for RFC9520,
> "Negative Caching of DNS Resolution Failures".
> 
> --
> You may review the report below and at:
> https://www.rfc-editor.org/errata/eid7838
> 
> --
> Type: Editorial
> Reported by: Xiang Li 
> 
> Section: 7.2
> 
> Original Text
> -
> [TuDoor]
> ...
> DOI 10.1109/SP54263.2024.00046, 2024, 
> .
> 
> 
> Corrected Text
> --
> [TuDoor]
> ...
> DOI 10.1109/SP54263.2024.00172, 2024, 
> .
> 
> 
> Notes
> -
> The reference link has changed to 10.1109/SP54263.2024.00172 from 
> 10.1109/SP54263.2024.00046
> 
> Instructions:
> -
> This erratum is currently posted as "Reported". (If it is spam, it 
> will be removed shortly by the RFC Production Center.) Please
> use "Reply All" to discuss whether it should be verified or
> rejected. When a decision is reached, the verifying party  
> will log in to change the status and edit the report, if necessary.
> 
> --
> RFC9520 (draft-ietf-dnsop-caching-resolution-failures-08)
> --
> Title   : Negative Caching of DNS Resolution Failures
> Publication Date: December 2023
> Author(s)   : D. Wessels, W. Carroll, M. Thomas
> Category: PROPOSED STANDARD
> Source  : Domain Name System Operations
> Area: Operations and Management
> Stream  : IETF
> Verifying Party : IESG





Re: [DNSOP] Fwd: I-D Action: draft-toorop-dnsop-ranking-dns-data-00.txt

2024-03-06 Thread Wessels, Duane
Hi, some initial thoughts:

RFC 2181 says "Data from a zone transfer, other than glue" but this draft 
doesn’t make any exceptions for glue or non-authoritative data from a zone 
transfer.  Is that intentional?

Should RFC 8767 stale data be ranked differently than fresh data?

Should EDNS Client Subnet play into ranking?

DW




> On Mar 4, 2024, at 6:37 PM, Benno Overeinder wrote:
> 
>  Forwarded Message 
> Subject: I-D Action: draft-toorop-dnsop-ranking-dns-data-00.txt
> Date: Mon, 04 Mar 2024 13:12:26 -0800
> From: internet-dra...@ietf.org
> To: i-d-annou...@ietf.org
> 
> Internet-Draft draft-toorop-dnsop-ranking-dns-data-00.txt is now available.
> 
>   Title:   Ranking Domain Name System data
>   Authors: Paul Hoffman
>            Shumon Huque
>            Willem Toorop
>   Name:    draft-toorop-dnsop-ranking-dns-data-00.txt
>   Pages:   4
>   Dates:   2024-03-04
> 
> Abstract:
> 
>   This document extends the list ranking the trustworthiness of domain
>   name system (DNS) data (see Section 5.4.1 of [RFC2181]).  The list is
>   extended with entries for root server names and addresses built-in
>   resolvers, and provided via a root hints file with the lowest
>   trustworthiness, as well as an entry for data which is verifiable
>   DNSSEC secure with the highest trustworthiness.  This document
>   furthermore assigns ranked values to the positions of the list for
>   easier reference and comparison of trustworthiness of DNS data.
> 
> The IETF datatracker status page for this Internet-Draft is:
> https://datatracker.ietf.org/doc/draft-toorop-dnsop-ranking-dns-data/
> 
> There is also an HTMLized version available at:
> https://datatracker.ietf.org/doc/html/draft-toorop-dnsop-ranking-dns-data-00
> 
> Internet-Drafts are also available by rsync at:
> rsync.ietf.org::internet-drafts
> 
> 


Re: [DNSOP] Fwd: I-D Action: draft-toorop-dnsop-ranking-dns-data-00.txt

2024-03-06 Thread Willem Toorop

On 06-03-2024 at 22:06, Wessels, Duane wrote:

> Hi, some initial thoughts:
>
> RFC 2181 says "Data from a zone transfer, other than glue" but this 
> draft doesn’t make any exceptions for glue or non-authoritative data 
> from a zone transfer.  Is that intentional?

Well, RFC 2181 had a uniquely broad definition of glue (see also the 
terminology draft: 
https://www.ietf.org/archive/id/draft-ietf-dnsop-rfc8499bis-10.html#section-7-2.29), 
so I came up with "other than occluded data" to be more generic, but I 
suppose that wouldn't include the delegation NS records themselves, so 
that won't work either. I'll try to come up with something better...

> Should RFC 8767 stale data be ranked differently than fresh data?
> Should EDNS Client Subnet play into ranking?

I like your thinking! Yes, fresh data should replace stale data in 
resolver caches, and yes a more specific ECS prefix answer is preferable 
over a less specific ECS prefix. The draft is intended to start 
re-evaluation and re-thinking of that ranking. The authors are planning 
to discuss this extensively at the hackathon preceding IETF 119. This is 
already very good input! So, Thanks!


-- Willem
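
The cache-replacement rule under discussion in this sub-thread, as an added example that is not part of any message here and is not taken from the draft: a resolver cache that accepts new data only when it is at least as trustworthy as what it already holds, using the RFC 2181 section 5.4.1 categories plus the freshness and ECS-specificity preferences mentioned above. The integer rank values, the `Entry`/`RankedCache` names and the order in which the three criteria are compared are assumptions of this sketch.

```python
from dataclasses import dataclass
from enum import IntEnum


class Rank(IntEnum):
    """RFC 2181 section 5.4.1 categories, least to most trustworthy.
    The integers are constructed for this example, not the draft's values."""
    ADDITIONAL_OR_NONAUTH_AUTHORITY = 1
    NONAUTH_ANSWER = 2
    GLUE = 3
    AUTH_AUTHORITY = 4
    AUTH_ANSWER = 5
    ZONE_TRANSFER = 6
    PRIMARY_ZONE_FILE = 7


@dataclass(frozen=True)
class Entry:
    rdata: str
    rank: Rank
    stale: bool = False      # past its TTL, kept only for RFC 8767 serve-stale
    ecs_prefix_len: int = 0  # EDNS Client Subnet scope; 0 = not subnet-specific

    def key(self):
        # Assumed order of criteria: rank, then freshness, then ECS specificity.
        return (self.rank, not self.stale, self.ecs_prefix_len)


class RankedCache:
    def __init__(self):
        self._store = {}

    def offer(self, name, rrtype, entry):
        """Store entry unless a more trustworthy one is cached; True if stored."""
        k = (name.lower().rstrip("."), rrtype)
        cached = self._store.get(k)
        if cached is not None and entry.key() < cached.key():
            return False
        self._store[k] = entry
        return True

    def get(self, name, rrtype):
        return self._store.get((name.lower().rstrip("."), rrtype))


def demo():
    # Constructed sample data using documentation names and addresses.
    c = RankedCache()
    results = [
        c.offer("ns1.example.", "A", Entry("192.0.2.1", Rank.GLUE)),
        c.offer("ns1.example.", "A", Entry("192.0.2.1", Rank.AUTH_ANSWER)),
        c.offer("NS1.example", "A",
                Entry("203.0.113.9", Rank.ADDITIONAL_OR_NONAUTH_AUTHORITY)),
    ]
    return results, c.get("ns1.example", "A").rdata
```

In `demo()` the glue record is upgraded by the authoritative answer, and the later additional-section record carrying a different address is refused, which is the cache-poisoning resistance the ranking exists to provide.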


