On Mon, Mar 9, 2015 at 10:58 PM, Mark Andrews ma...@isc.org wrote:
In message
cagmqtqjrpx_xg_ojtshsw5yqaefkzwdma16xw7iry9pr0_f...@mail.gmail.com
, Yunhong Gu writes:
Returning NOTIMP may confuse resolvers as it is not clear what is not
implemented.
Which is why you only change one
Forwarded Message
Subject: [nznog] DNSSEC validation at Spark NZ
Date: Tue, 10 Mar 2015 11:45:27 +1300
From: Sebastian Castro sebast...@nzrs.net.nz
Organization: .nz Registry Services
To: nz...@list.waikato.ac.nz nz...@list.waikato.ac.nz
Hi:
We'd like to share a short technical
Regarding the statement query type ANY 'matches all RR types CURRENTLY IN THE
CACHE'.
Actually, there's nothing in RFC 1034 that clearly *mandates* this behavior --
Section 3.7.1 says only that a QTYPE of * matches all RR types, whereas
Section 5.3.3 (Algorithm) says to return the answer or
In message d1250a19.9a81%edward.le...@icann.org, Edward Lewis writes:
Why don't we just implement TSIG signed updates...
In the sense of baby steps first - what I'm driving towards error
detection, ensuring that the zone-to-be is in line with it's environment.
Getting to error correction
On Mar 10, 2015 12:16 PM, Edward Lewis edward.le...@icann.org wrote:
...
Perhaps Comcast could install little squirrel
feeders in the neighborhood.
That they don't, and have let this problem go unabated for years,
illustrates their bias. #nutneutrality
Apologies,
Eli
On Mar 10, 2015, at 8:46 AM, David C Lawrence t...@akamai.com wrote:
Paul Hoffman writes:
On Mar 10, 2015, at 6:25 AM, Yunhong Gu g...@google.com wrote:
So the problem is, why NOTIMP? REFUSED sounds like a better choice.
+1. REFUSED exactly describes what is going on.
One down side
On Tue, 10 Mar 2015, Chris Adams wrote:
A problem with ever using ANY to get more information from a cache is
the client's/applications's assumption that all requests will go to the
same server. Even if a client sends requests to the same IP, anycast
can mean they go to a different server.
On 3/10/15, 16:45, Mark Andrews ma...@isc.org wrote:
Why don't we just implement TSIG signed updates...
In the sense of baby steps first - what I'm driving towards error
detection, ensuring that the zone-to-be is in line with it's environment.
Getting to error correction is the next level, but
Tsig won't scale for something like this. Please consider sig0.
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.___
dns-operations mailing list
dns-operations@lists.dns-oarc.net
Jason- Thank you for sharing the details. Another excellent real world
example. Too bad it caused you consternation. -Rick
From: dns-operations [mailto:dns-operations-boun...@dns-oarc.net] On Behalf
Of Livingood, Jason
Sent: Monday, March 09, 2015 8:50 PM
To: dns-operations
Subject:
On Tue, Mar 10, 2015 at 11:09 AM, Matthew Pounsett m...@conundrum.com wrote:
On Mar 9, 2015, at 23:50 , Livingood, Jason
jason_living...@cable.comcast.com wrote:
So earlier today HBO announced a new HBONow streaming service (at an Apple
event). The FQDN to order, which should have been
On Mar 10, 2015, at 6:25 AM, Yunhong Gu g...@google.com wrote:
So the problem is, why NOTIMP? REFUSED sounds like a better choice.
+1. REFUSED exactly describes what is going on.
--Paul Hoffman
___
dns-operations mailing list
On 3/9/15, 23:50, Livingood, Jason jason_living...@cable.comcast.com
wrote:
So earlier today HBO announced a new HBONow streaming service (at an
Apple event). The FQDN to order, which should have been DNSSEC-enabled,
was order.hbonow.com. This unfortunately suffered from a rather
inconveniently
On Mar 9, 2015, at 23:50 , Livingood, Jason jason_living...@cable.comcast.com
wrote:
So earlier today HBO announced a new HBONow streaming service (at an Apple
event). The FQDN to order, which should have been DNSSEC-enabled, was
order.hbonow.com. This unfortunately suffered from a rather
In message d124b0ce.9a2e%edward.le...@icann.org, Edward Lewis writes:
Content-transfer-encoding: 7bit
...to prevent another DS--DNSKEY mishap from happening again?
I'm presenting the message to the DNS Operations list of DNS-OARC. (Being
subscribed to so many DNS lists I keep forgetting
Paul Hoffman writes:
On Mar 10, 2015, at 8:46 AM, David C Lawrence t...@akamai.com wrote:
One down side there, however, is that REFUSED as understood by
resolvers commonly has the semantic currently that the name is not
hosted by the server at all.
If a resolver is sending an ANY before
On 3/10/15, 12:55 PM, Eli Heady
eli.he...@gmail.commailto:eli.he...@gmail.com wrote:
On Mar 10, 2015 12:16 PM, Edward Lewis
edward.le...@icann.orgmailto:edward.le...@icann.org wrote:
...
Perhaps Comcast could install little squirrel
feeders in the neighborhood.
That they don't, and have
...to prevent another DS--DNSKEY mishap from happening again?
I'm presenting the message to the DNS Operations list of DNS-OARC. (Being
subscribed to so many DNS lists I keep forgetting if I'm acting as an IETF
participant or talking as a past operator of DNS or as )
In short, think about
On 3/10/15, 12:11 PM, Edward Lewis edward.le...@icann.org wrote:
I (as well as others) knew this day would come -
when an ISP would get the brunt of someone's DNSSEC misfire. (Others
include many who worked on the original design and deployment workshops.)
It won¹t be the last time! ;-)
The
Hi All,
Thanks for responding one response per user. Apologies for
cross-posting.
*Access*: All
*Close date*: 03/04/2015
*Survey*:
https://fr.surveymonkey.com/r/zonemasterhttps://centr.org/survey-form/dns-checking-tools-ed-2014
*Background*: Afnic and IIS.SE are currently in the
20 matches
Mail list logo