Re: [DNSOP] I-D Action: draft-vixie-dns-rpz-04.txt

2016-12-30 Thread Vernon Schryver
] From: Mukund Sivaraman ] This is also a good point. Perhaps just saying that RPZ zone transfers ] are not assumed to be atomic for the whole zone, but only at the ] RR/policy rule level will suffice? ] ] Paul mentioned during the RPZ bar/pub meeting that the purpose of this ] RFC

Re: [DNSOP] I-D Action: draft-vixie-dns-rpz-04.txt

2016-12-30 Thread Mukund Sivaraman
On Fri, Dec 30, 2016 at 11:45:23AM +, Vernon Schryver wrote: > Then there is what should happen if a transfer of a policy zone > happens between the time QNAME rules are checked and the generally > later time when NSIP and NSDNAME rules are checked. The draft tries > to pretend that all of

Re: [DNSOP] I-D Action: draft-vixie-dns-rpz-04.txt

2016-12-30 Thread Mukund Sivaraman
Hi Vernon On Fri, Dec 30, 2016 at 11:45:23AM +, Vernon Schryver wrote: > > From: Mukund Sivaraman > > > > In 4.1.1 (IP address encoding in triggers), I suggest adding: > > > > > > - The encoded address prefix MUST NOT not have any extra trailing 1s > > > (longer address

Re: [DNSOP] search for reference

2016-12-30 Thread Vernon Schryver
> From: "A. Schulze" > > TSIG uses DNS names for encoding the algorithm type. > I didn't expect that... Beware that a very popular TSIG implementation is intermittently confused by upper case algorithm names from a peer despite the fact that they're encoded like domain

Re: [DNSOP] I-D Action: draft-vixie-dns-rpz-04.txt

2016-12-30 Thread Vernon Schryver
> From: Mukund Sivaraman > > In 4.1.1 (IP address encoding in triggers), I suggest adding: > > > > - The encoded address prefix MUST NOT not have any extra trailing 1s > > (longer address prefix than the prefix length) or the rule will be > > rejected. E.g., the following

Re: [DNSOP] search for reference

2016-12-30 Thread A. Schulze
Mukund Sivaraman: TSIG uses DNS names for encoding the algorithm type. I didn't expect that... Thanks!

Re: [DNSOP] search for reference

2016-12-30 Thread Mark Andrews
In message <20161230120013.horde.od0o75vhrxz6uxs_-ytk...@andreasschulze.de>, "A. Schulze" writes: > Hello, > > I'm searching for a reference (IANA?) that define the DNSSEC hash > algorithm hmac-sha256 > has assigned the number 159 > ( see http://git.nlnetlabs.nl/ldns/tree/ldns/keys.h#86 ) >

Re: [DNSOP] search for reference

2016-12-30 Thread Mukund Sivaraman
On Fri, Dec 30, 2016 at 12:00:13PM +0100, A. Schulze wrote: > Hello, > > I'm searching for a reference (IANA?) that define the DNSSEC hash algorithm > hmac-sha256 > has assigned the number 159 > ( see http://git.nlnetlabs.nl/ldns/tree/ldns/keys.h#86 ) > > I only found >

[DNSOP] search for reference

2016-12-30 Thread A. Schulze
Hello, I'm searching for a reference (IANA?) that define the DNSSEC hash algorithm hmac-sha256 has assigned the number 159 ( see http://git.nlnetlabs.nl/ldns/tree/ldns/keys.h#86 ) I only found https://www.iana.org/assignments/tsig-algorithm-names/tsig-algorithm-names.xhtml defining the

Re: [DNSOP] I-D Action: draft-vixie-dns-rpz-04.txt

2016-12-30 Thread Mukund Sivaraman
Hi Vernon A couple of items: 1. I sent the following text to Paul, but it has missed making this revision of the draft. Please add it into the next revision. > In 4.1.1 (IP address encoding in triggers), I suggest adding: > > - The encoded address prefix MUST NOT not have any extra trailing 1s