Dave Lawrence via dns-operations writes:
> I accept that the only way to really capture
> all of these queries into the global DNS is via a delegation,
Brian Dickson reminded me of his CNAME proposal earlier in the thread,
and I think that is also an approach worth further investigation.
That might not be true on some Linux distributions. Those with
systemd-resolved preinstalled (Ubuntu and Fedora) send single label
queries to LLMNR multicast resolution. I think it uses the search
directive for list of domains for local networks, but otherwise ignores
them. It is debatable
It appears that Dave Lawrence via dns-operations said:
>Ditto local roots. This feels like something Geoff Huston probably
>has some kind of data about, but a cursory search didn't turn it up.
>I personally run a local root on my home system, but how prevalent are
>they?
I believe they are
--- Begin Message ---
Vladimír Čunát writes:
> If the root zone is unchanged, many names could be hidden before
> reaching root servers - by DNSSEC aggressive caching and/or various
> local-root variants. (I'm not sure if we can well measure the extent to
> which this happens.)
That's an
--- Begin Message ---
On 06/06/2022 16.57, Dave Lawrence wrote:
To be clear, I'm not saying they*should* do it. I'm just trying to
better understand the context.
If the root zone is unchanged, many names could be hidden before
reaching root servers - by DNSSEC aggressive caching and/or
On Mon, Jun 06, 2022 at 10:57:01AM -0400, Dave Lawrence wrote:
> I seem to be exceptionally derpy right now, but I'm realizing I can't
> articulate why it can't be done with the standard NXDOMAINs that the
> roots have been issuing all along.
If the "it" is collection of extant use of a suffix,
John R Levine writes:
> Unfortunately, now we've circled back to where we started. Remember that
> the NC in NCAP stands for Name Collision, and the whole point of the
> project is to figure out how risky it is to add familiar looking new
> names.
I seem to be exceptionally derpy right now,
On Fri, 3 Jun 2022, Brian Dickson wrote:
If this increases the number of names that will break
search lists from 1487 to 1488, how much of a problem is this likely to be
in practice, which leads back to ...
If it was ONLY a progression of 1487->1488, it might not be that bad (but
again, that
On Fri, Jun 3, 2022 at 3:17 PM John R Levine wrote:
> On Fri, 3 Jun 2022, John Levine wrote:
> >> In such a configuration, if the host name "foo" matches the candidate
> TLD
> >> "foo", and the latter is changed from NXDOMAIN ...
>
> > Do we have any idea how many systems still use search lists?
> Do we have any idea how many systems still use search lists?
linux and freebsd installs encourage them
___
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
On Fri, 3 Jun 2022, John Levine wrote:
In such a configuration, if the host name "foo" matches the candidate TLD
"foo", and the latter is changed from NXDOMAIN ...
Do we have any idea how many systems still use search lists? We've been saying
bad things about them at least since .CS was
It appears that Brian Dickson said:
>"ndots" can generally be any number between 0 and X, for
>implementation-specific X. Some implementations cap X at 15, some at 255,
>there may be other implementations.
Do we have any idea how many systems still use search lists? We've been saying
bad things
spa...@isc.org>
> Cc: "vladimir.cunat+i...@nic.cz" , "
> dns-operati...@dns-oarc.net"
> Bcc:
> Date: Fri, 3 Jun 2022 18:48:57 +
> Subject: Re: Re: [dns-operations] Input from dns-operations on NCAP
> proposal
> Thank you David. That change from NXDOMAI
--- Begin Message ---
Thank you David. That change from NXDOMAIN to NOERROR/NODATA and things going
"boom" is exactly what we are looking for community input towards. Do folks
know of applications, or things like suffix search list processing, that will
change their behavior.
Matt
On
ptions is advisable.
Brian Dickson
P.S. This solution can be tested and validated relatively easily, as it
only involves normal, standard DNS server(s) and supported record types.
P.P.S. Of course, you would need to supply your own real domain name
anywhere in the above that "example.net"
Hi,
On Jun 1, 2022, at 12:39 AM, Petr Špaček wrote:
> On 24. 05. 22 17:54, Vladimír Čunát via dns-operations wrote:
>>> Configuration 1: Generate a synthetic NXDOMAIN response to all queries with
>>> no SOA provided in the authority section.
>>> Configuration 2: Generate a synthetic NXDOMAIN
On 24. 05. 22 17:54, Vladimír Čunát via dns-operations wrote:
On 23/05/2022 15.48, Thomas, Matthew via dns-operations wrote:
Configuration 1: Generate a synthetic NXDOMAIN response to all queries
with no SOA provided in the authority section.
I believe the protocol says not to cache such
--- Begin Message ---
Thank you, Peter, for the response.
I want to try and steer this conversation towards the main question/concern the
NCAP is looking for community input – What impact/risk comes from delegating a
TLD that was receiving NXDOMAIN responses from the root but would
Hi Thomas,
On 5/23/22 15:48, Thomas, Matthew wrote:
In the 2012 round of new gTLDs, DNS data collected at the root server system
via DNS-OARC’s DITL collection was used to assess name collision visibility.
The use of DITL data for name collision assessment purposes has growing
limitations in
--- Begin Message ---
On 23/05/2022 15.48, Thomas, Matthew via dns-operations wrote:
Configuration 1: Generate a synthetic NXDOMAIN response to all queries
with no SOA provided in the authority section.
I believe the protocol says not to cache such answers at all. Some
implementations chose
On Mon, May 23, 2022 at 1:53 PM Thomas, Matthew via dns-operations
wrote:
> DNS-Operations,
>
>
>
> The Name Collision Analysis Project (NCAP) group is considering new ways in
> which additional DNS data can be collected for name collision assessment
> purposes while attempting to preserve the
--- Begin Message ---
DNS-Operations,
The Name Collision Analysis Project (NCAP) group is considering new ways in
which additional DNS data can be collected for name collision assessment
purposes while attempting to preserve the NXDOMAIN response dependent systems
and applications currently
22 matches
Mail list logo