[DNSOP] I-D Action: draft-ietf-dnsop-5966bis-01.txt

2015-03-09 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Domain Name System Operations Working Group of the IETF. Title : DNS Transport over TCP - Implementation Requirements Authors : John Dickinson

Re: [DNSOP] Suggestion for any - TCP only

2015-03-09 Thread Oliver Peter
On Sun, Mar 08, 2015 at 10:27:11PM -0700, Paul Vixie wrote: Paul Wouters mailto:p...@nohats.ca Sunday, March 08, 2015 9:03 PM On Sun, 8 Mar 2015, Paul Vixie wrote: So why are we proposing to ACL the ANY queries again? because people like me with dig-based diagnostic tools want

Re: [DNSOP] Definition of validating resolver

2015-03-09 Thread Paul Hoffman
Thanks, but I'm having a hard time grokking this. It seems others on the list are as well. On Mar 9, 2015, at 3:45 AM, Tony Finch d...@dotat.at wrote: Paul Hoffman paul.hoff...@vpnc.org wrote: My personal interpretation is that validating resolver is a synonym for security-aware resolver.

Re: [DNSOP] [dns-operations] dnsop-any-notimp violates the DNS standards

2015-03-09 Thread Jared Mauch
On Mar 9, 2015, at 10:54 AM, Tony Finch d...@dotat.at wrote: D. J. Bernstein d...@cr.yp.to wrote: My qmail software is very widely deployed (on roughly 1 million SMTP server IP addresses) and, by default, relies upon ANY queries in a way that is guaranteed to work by the mandatory DNS

Re: [DNSOP] [dns-operations] dnsop-any-notimp violates the DNS standards

2015-03-09 Thread Jared Mauch
On Mar 9, 2015, at 11:16 AM, Edward Lewis edward.le...@icann.org wrote: On 3/9/15, 7:08, D. J. Bernstein d...@cr.yp.to wrote: The common theme of CNAME/MX/A and A/ is that there's widespread interest in being able to easily retrieve multiple record types. What I'm saying is not that

Re: [DNSOP] [dns-operations] dnsop-any-notimp violates the DNS standards

2015-03-09 Thread bert hubert
On Mon, Mar 09, 2015 at 11:08:03AM -, D. J. Bernstein wrote: My qmail software is very widely deployed (on roughly 1 million SMTP server IP addresses) and, by default, relies upon ANY queries in a way that is guaranteed to work by the mandatory DNS standards. Hi Dan, The way I read RFC

Re: [DNSOP] I-D Action: draft-ietf-dnsop-qname-minimisation-02.txt

2015-03-09 Thread Rose, Scott W.
According to my dictionary (as in, at least US English). The usual phrasing in the sentence would be less than or fewer than. Scott On Mar 9, 2015, at 10:21 AM, Bob Harold rharo...@umich.edu wrote: On Mon, Mar 9, 2015 at 10:12 AM, Stephane Bortzmeyer bortzme...@nic.fr wrote: On Wed,

Re: [DNSOP] More work for DNSOP :-)

2015-03-09 Thread Paul Hoffman
On Mar 8, 2015, at 6:23 PM, Olafur Gudmundsson o...@ogud.com wrote: There is a new version in the works, expect it late tomorrow (monday) There are questions about whether NOTIMP is the correct response. Given that, please consider starting a new -00 without notimp in the filename. That will

Re: [DNSOP] I-D Action: draft-ietf-dnsop-qname-minimisation-02.txt

2015-03-09 Thread Niall O'Reilly
On Mon, 09 Mar 2015 14:21:48 +, Bob Harold wrote: On Mon, Mar 9, 2015 at 10:12 AM, Stephane Bortzmeyer bortzme...@nic.fr wrote: On Wed, Mar 04, 2015 at 08:10:11AM -0500, Bob Harold rharo...@umich.edu wrote a message of 218 lines which said: I think the change

Re: [DNSOP] [dns-operations] dnsop-any-notimp violates the DNS standards

2015-03-09 Thread Edward Lewis
On 3/9/15, 7:08, D. J. Bernstein d...@cr.yp.to wrote: The common theme of CNAME/MX/A and A/ is that there's widespread interest in being able to easily retrieve multiple record types. What I'm saying is not that query type ANY is the ultimate answer (clearly it can be improved); what I'm

[DNSOP] dnsop-any-notimp violates the DNS standards

2015-03-09 Thread D. J. Bernstein
My qmail software is very widely deployed (on roughly 1 million SMTP server IP addresses) and, by default, relies upon ANY queries in a way that is guaranteed to work by the mandatory DNS standards. Specifically, query type ANY matches all RR types for that node on that server. There's an example

Re: [DNSOP] [dns-operations] dnsop-any-notimp violates the DNS standards

2015-03-09 Thread Tony Finch
Jared Mauch ja...@puck.nether.net wrote: Even ignoring if qmail is “broken”. (I would rather classify it as, could do better) Yes. dnsop-any-notimp violates the principle of least surprise in technology by returning NOTIMP where Paul Vixie suggested NOERROR/ANCOUNT=0 would be more

Re: [DNSOP] [dns-operations] dnsop-any-notimp violates the DNS standards

2015-03-09 Thread Tony Finch
bert hubert bert.hub...@netherlabs.nl wrote: On Mon, Mar 09, 2015 at 11:08:03AM -, D. J. Bernstein wrote: My qmail software is very widely deployed (on roughly 1 million SMTP server IP addresses) and, by default, relies upon ANY queries in a way that is guaranteed to work by the

Re: [DNSOP] dnsop-any-notimp violates the DNS standards

2015-03-09 Thread John Levine
In article 20150309110803.4516.qm...@cr.yp.to you write: My qmail software is very widely deployed (on roughly 1 million SMTP server IP addresses) and, by default, relies upon ANY queries in a way that is guaranteed to work by the mandatory DNS standards. All the qmail installations I know

Re: [DNSOP] [TCP] Review of draft-ietf-dnsop-5966bis-00.txt

2015-03-09 Thread Stephane Bortzmeyer
I re-send here two questions that have apparently not been addressed in -01 On Sun, Jan 04, 2015 at 06:42:26PM +0100, Stephane Bortzmeyer bortzme...@nic.fr wrote a message of 37 lines which said: Section 3, some network devices deliberately refuse to handle DNS packets containing EDNS0

Re: [DNSOP] Why no more meta-queries? (Was: More work for DNSOP :-)

2015-03-09 Thread Shumon Huque
On Mon, Mar 9, 2015 at 12:05 PM, Ray Bellis ray.bel...@nominet.org.uk wrote: On 9 Mar 2015, at 14:28, Stephane Bortzmeyer bortzme...@nic.fr wrote: On Fri, Mar 06, 2015 at 08:59:20PM +, Evan Hunt e...@isc.org wrote a message of 28 lines which said: (As an aside: I've often

[DNSOP] clarification on DNSOP charter Re: [dns-operations] dnsop-any-notimp violates the DNS standards

2015-03-09 Thread Suzanne Woolf
Hi, (chair hat on) To the question of what's on charter for DNSOP: On Mar 9, 2015, at 7:08 AM, D. J. Bernstein d...@cr.yp.to wrote: My understanding is that dnsop@ietf.org is not chartered to make DNS protocol changes, so any discussion here will have to be repeated in an appropriate

Re: [DNSOP] [TCP] Review of draft-ietf-dnsop-5966bis-00.txt

2015-03-09 Thread Ray Bellis
On 9 Mar 2015, at 16:32, Stephane Bortzmeyer bortzme...@nic.fr wrote: I re-send here two questions that have apparently not been addressed in -01 On Sun, Jan 04, 2015 at 06:42:26PM +0100, Stephane Bortzmeyer bortzme...@nic.fr wrote a message of 37 lines which said: Section 3, some

Re: [DNSOP] Why no more meta-queries? (Was: More work for DNSOP :-)

2015-03-09 Thread Shumon Huque
On Mon, Mar 9, 2015 at 2:45 PM, Robert Edmonds edmo...@mycre.ws wrote: Shumon Huque wrote: PS. regarding Paul Vixie's recent suggestion of adding an or A record set in the additional section for a corresponding A or query, I just learned today that Unbound already does this. Not

Re: [DNSOP] I-D Action: draft-ietf-dnsop-edns-chain-query-02.txt

2015-03-09 Thread Tony Finch
The justification in the introduction is misleading: This document specifies an EDNS0 extension that allows a validating Resolver running as a Forwarder to open a TCP connection to another Resolver and request a DNS chain answer using one DNS query/answer pair. This reduces the

Re: [DNSOP] Why no more meta-queries? (Was: More work for DNSOP :-)

2015-03-09 Thread Robert Edmonds
Shumon Huque wrote: PS. regarding Paul Vixie's recent suggestion of adding an or A record set in the additional section for a corresponding A or query, I just learned today that Unbound already does this. Not sure if there are any DNS client APIs that can successfully make use of

Re: [DNSOP] Why no more meta-queries? (Was: More work for DNSOP :-)

2015-03-09 Thread Shumon Huque
On Mon, Mar 9, 2015 at 2:55 PM, Shumon Huque shu...@gmail.com wrote: On Mon, Mar 9, 2015 at 2:45 PM, Robert Edmonds edmo...@mycre.ws wrote: Shumon Huque wrote: PS. regarding Paul Vixie's recent suggestion of adding an or A record set in the additional section for a corresponding A or

[DNSOP] Fwd: New Version Notification for draft-ogud-dnsop-acl-metaqueries-00.txt

2015-03-09 Thread Olafur Gudmundsson
updated based on feedback from the mailing list File name changed at WG secretary request Olafur (for editors) -- Forwarded message -- From: internet-dra...@ietf.org Date: Mon, Mar 9, 2015 at 6:25 PM Subject: New Version Notification for draft-ogud-dnsop-acl-metaqueries-00.txt

Re: [DNSOP] [dns-operations] dnsop-any-notimp violates the DNS standards

2015-03-09 Thread D. J. Bernstein
Edward Lewis writes: Operators are not bound to comply with what the IETF documents. As I said before, this is making a mockery of the IETF standardization process. Instead of * obeying the existing mandatory standards, * giving due respect to the installed base relying on the standards,

Re: [DNSOP] [dns-operations] dnsop-any-notimp violates the DNS standards

2015-03-09 Thread Darcy Kevin (FCA)
My 2 cents... It is commonplace, these days, to clearly enumerate MANDATORY TO IMPLEMENT elements of a protocol specification. But, this was not the typical practice at the time RFCs 1034/1035 were written, and I don't think we can apply modern standards-parlance retroactively. RFC 1034/1035

Re: [DNSOP] Definition of validating resolver

2015-03-09 Thread Mark Andrews
In message 54fdb221.8020...@nlnetlabs.nl, Willem Toorop writes: I'd like to maintain the term exactly as specified in RFC4033 (understanding DNSSEC but not validating), because it comes in use when talking about validating stubs. Some network operators don't know or care about DNSSEC and do

Re: [DNSOP] Suggestion for any - TCP only

2015-03-09 Thread Paul Vixie
Paul Wouters mailto:p...@nohats.ca Monday, March 09, 2015 10:02 PM On Sun, 8 Mar 2015, Paul Vixie wrote: So why are we proposing to ACL the ANY queries again? because people like me with dig-based diagnostic tools want to be able to run ANY queries against our own servers, from our

Re: [DNSOP] Definition of validating resolver

2015-03-09 Thread Tony Finch
Paul Hoffman paul.hoff...@vpnc.org wrote: My personal interpretation is that validating resolver is a synonym for security-aware resolver. Do others agree? If not, how would you differentiate them? No, security-aware means that the software understands the special semantics of RRSIG, NSEC,

Re: [DNSOP] More work for DNSOP :-)

2015-03-09 Thread Andreas Gustafsson
Olafur Gudmundsson wrote: There is a new version in the works, expect it late tomorrow (monday) [...] I tries to define that resolver treat NOTIMP as long term signal that resolver should keep track of and not retry. That's a bad idea, IMO. When the resolver gets a NOTIMP response, it has

Re: [DNSOP] More work for DNSOP :-)

2015-03-09 Thread Tony Finch
Olafur Gudmundsson o...@ogud.com wrote: It does not outlaw ANY per se, just says limit it to trusted parties. It applies to all meta types, including RRSIG. I think you should suggest that implementations should have reasonably fine-grained ACLs, e.g. we currently have an ACL for AXFR+IXFR;