Re: [dns-operations] DNS .com/.net resolution problems in the Asia/Pacific region

2023-07-19 Thread Shane Kerr
Shumon and all, On 18/07/2023 21.41, Shumon Huque wrote: On Tue, Jul 18, 2023 at 3:29 PM Viktor Dukhovni wrote: Yes, I agree. A resolver can't really tell that a response with an expired signature wasn't an attacker trying to replay old data. For robustness

Re: [dns-operations] Disclosure of root zone TSIG keys

2020-05-29 Thread Shane Kerr
Duane, I really appreciate this level of transparency, thank you. This does make me think of a couple of questions. First, I assume that the main goal of TSIG is to prevent modification of the zone file(s) in transit, more than preventing access. The root zone is public, right? Since the

Re: [dns-operations] g.root-servers.net not reachable over IPv6 from AS3320

2020-02-14 Thread Shane Kerr
Winfried, On 14/02/2020 14.19, Winfried Angele wrote: g.root-servers.net cannot be reached from AS3320 over IPv6. Is anyone else affected? dig @2001:500:12::d0d ; <<>> DiG 9.14.9 <<>> @2001:500:12::d0d ; (1 server found) ;; global options: +cmd ;; connection timed out; no servers could be

Re: [dns-operations] IPv6 only for nameservers

2019-12-31 Thread Shane Kerr
Stephane and all, On 30/12/2019 16.01, Stephane Bortzmeyer wrote: On Mon, Dec 30, 2019 at 05:18:01PM +0300, Anand Buddhdev wrote a message of 17 lines which said: If your domain's authoritative name servers have only IPv6 addresses, then your domain will not be resolvable by many

Re: [dns-operations] The root zone at past 1000.

2015-07-13 Thread Shane Kerr
William, On Wed, 8 Jul 2015 14:07:20 -0400 (EDT) William Sotomayor w...@ottix.net wrote: Well we've had December 2012 come and go, and now we're at 1003 entries in the root zone. I think we're all still here and the Internet seems functional for various definitions of 'functional'. I look

Re: [dns-operations] about resolveip command

2015-05-24 Thread Shane Kerr
Kevin, On Sun, 24 May 2015 20:47:44 +0800 Kevin C. ke...@dnsbed.com wrote: Do you know what's the special usage for resolveip command? I saw it's not similar to dig tool. For instance, ~$ dig www.sina.com.cn +short jupiter.sina.com.cn. ara.sina.com.cn. 121.14.1.190 58.63.236.248

Re: [dns-operations] root name server experiment (Yeti-DNS), project announcement

2015-05-08 Thread Shane Kerr
All, On Thu, 07 May 2015 23:16:40 -0700 Paul Vixie p...@redbarn.org wrote: Announcing an experimental root name service (Yeti-DNS) intended to allow wide scale network science using the IANA name space but without perturbing the IANA root name server system. ... Please feel free to reach

Re: [dns-operations] zone format bind9

2013-02-15 Thread Shane Kerr
Randy, On Monday, 2013-02-11 12:11:47 -0800, Randy Bush ra...@psg.com wrote: i am not in love with this binary format bleep Just FYI, the binary format is *much* faster for loading (like twice as fast), which is why it is now the default. It was a kind of BCP to tell people convert to binary

Re: [dns-operations] First experiments with DNS dampening to fight amplification attacks

2012-10-26 Thread Shane Kerr
Roland, On Friday, 2012-10-26 01:48:44 +, Dobbins, Roland rdobb...@arbor.net wrote: On Oct 26, 2012, at 8:33 AM, Mark Andrews wrote: We essentially have the infrastructure to do this today. Not all (not even most) network infrastructure is connected to or even has connectivity to

Re: [dns-operations] Summary: Anyone still using a Sun/Oracle SCA6000 with OpenSSL?

2012-10-16 Thread Shane Kerr
Randy, On Monday, 2012-10-15 05:55:16 -1000, Randy Bush ra...@psg.com wrote: A hardware HSM allows you to detect when your keys get stolen (provided the hardware does not implement extraction of the keys, of course). In our case, this is the *only* reason we use a HSM at all. i keep

[dns-operations] HSM - snake oil or... something that is not snake oil (was Anyone still using a Sun/Oracle SCA6000 with OpenSSL?)

2012-10-16 Thread Shane Kerr
Robert, On Tuesday, 2012-10-16 14:52:09 +0200, Robert Kisteleki rob...@ripe.net wrote: Hi, (Blowing the dust off of an old hat of mine...) On 2012.10.16. 12:34, Shane Kerr wrote: i keep wondering about the use of hsms in dnssec and rpki signing. i suspect that the threat model