aps he
can call up the chapter and verse?)
If I'm mistaken about that, and it's still only implicit, then I'd support
clarifying the protocol in that way. If it's already been clarified,
though, then I'm not sure why a 0x20 RFC is needed now.
--
Evan Hunt -- e...@isc.org
In
compliant software be required to literally smell bad.
(For some reason I still haven't gotten my Nobel prize for that. Maybe I
should check today's mail...)
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
dns-operations mailing list
dns-o
y reason I wrote it was that
I believed browser vendors would remain unwilling to adopt a more sensible
alternative, and as soon as my pessimism turned out to be unfounded, I was
quite happy to drop the proposal.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
_
hopes,
resolver operators will get tired of having to keep resetting
the things.
It's been six years, I haven't seen much evidence of harm to the
DNSSEC ecosystem yet.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
dns-operations mailing li
iction since NSEC3 support was first added in 2008.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
On Wed, Jan 06, 2021 at 03:24:10AM +, Evan Hunt wrote:
> I wonder aloud if dig's default behavior should be to try IDN and
> silently fall back to conventional output formatting if it fails.
> I imagine there are situations where you'd want the rules strictly
> enforced, but
a good reason to do that by
default.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
zone antiglam.com/IN: 'antiglam.com' found SPF/TXT record but no SPF/SPF
record found, add matching type SPF record
Will this warning be phased out?
It already was, in 9.9.6 and 9.10.1. It warns now if you have an
SPF record without a corresponding TXT, not the other way around.
--
Evan
this for love, try them all (ESPECIALLY go!) and see
which one grabs you.
if you're doing it for relevance and compatibility and code re-use and
code sharing, use python.
I can't speak to the accuracy of the first paragraph, but I'm gonna +1
everything else Paul just said.
--
Evan Hunt -- e
On Mon, Dec 08, 2014 at 05:33:58PM +0100, Stephane Bortzmeyer wrote:
For BIND, I'm not aware of a patch yet.
https://kb.isc.org/article/AA-01216
The 9.10 release also had an unrelated, less significant security problem
fixed at the same time, covered in https://kb.isc.org/article/AA-01217.
On Sat, Nov 29, 2014 at 01:15:48PM -0800, Paul Vixie wrote:
can you tell me the use case for having this signature be in-band?
An out-of-band signature can only cover an out-of-band transfer. An
in-band signature could cover both kinds.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium
issue.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman
: it's not obvious from the website, and
dns.watch doesn't have an MX record. It's harder to evaluate claims of
neutrality and data privacy when I don't know who I'm talking to.
I also wish I knew who they were because (assuming legit) I'd be happy
to offer assistance.
--
Evan Hunt -- e
to.
whois ?
The website and whois record both indicate that they're associated with
Ideal Hosting UG, but it isn't obvious to me whether dns.watch *is* Ideal
Hosting, or just clients of theirs.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc
This is implemented in BIND 9.10 as the prefetch option.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs
the underscore to the allowed list, and not any other special
characters, which would break all kinds of things, without adding any real
value.
Can I ask what specific problem you're having that would be solved by this?
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc
On Thu, May 15, 2014 at 07:12:53AM -0400, Jared Mauch wrote:
I heard they are skipping number 11, the next release would be 9.12.
It's on our roadmap as 9.11.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
dns-operations mailing
On Tue, May 06, 2014 at 10:56:03AM -0700, Paul Ferguson wrote:
ISC plans to address this deficiency by reimplementing the SRTT
algorithm in future maintenance releases of the BIND 9 code.
Was this reimplementation done, and if so, what version was it
implemented?
Not yet.
--
Evan Hunt
stack that caused a big
performance drop relative to BSD or Solaris, essentially reducing it
to single-thread performance. I believe all the major Linux distributions
have switched to lockless UDP by now, but it might be worth checking out.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium
Jan 23 17:46:46 UTC 2014:
Delete: example.com/005/53481 (ZSK)
No errors found
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman
of signing failures is the wrong thing
to do, but people are going to do the wrong thing whether I like
it or not, and if we must choose between evils, I prefer rndc
validation off nasa.gov to rndc validation off.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc
to use narrow NTAs would have any effect
on resolver operators.
Of course not, but it could affect the choices made by DNS implementors.
(I expect to pay attention to Jason's draft if and when I implement this
feature.)
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc
but how to implement that? since local DNS server always has caching.
Yes, this is why I said it would be a big job to implement it in BIND. It
becomes necessary to cache multiple different answers to the same question.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc
on
sponsorship.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net
dnssec-dnskey-kskonly yes; to your
options statement. If you're using dnssec-signzone, you can override
it by using the -x flag.
It seems harmless, beyond the extra payload in responses pushing up
packet sizes.
Exactly so.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc
like very much to know more about this?
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https
26 matches
Mail list logo