On Friday, April 7, 2017 12:51:40 AM GMT David Conrad wrote:
> Paul,
>
> On Apr 6, 2017, 2:24 PM -1000, Paul Vixie , wrote:
> > the proviso is, RFC 7706 is also completely unsuitable for non-hardcore or
> > non-experienced or non-protocol-geeks;
> ... This strikes me as a bit
Paul,
On Apr 6, 2017, 2:24 PM -1000, Paul Vixie , wrote:
> the proviso is, RFC 7706 is also completely unsuitable for non-hardcore or
> non-experienced or non-protocol-geeks;
7706 doesn't recommend editing someone else's zone file, re-signing it, and
figuring out how to
On Thursday, April 6, 2017 11:53:25 PM GMT David Conrad wrote:
> On Apr 6, 2017, 2:32 AM -1000, Paul Vixie , wrote:
> > if you want to run yeti-style, there are some perl scripts that will
> > fetch and verify the root zone, edit the apex NS and DNSKEY RRsets,
> > re-sign with
On Apr 6, 2017, 2:32 AM -1000, Paul Vixie , wrote:
> if you want to run yeti-style, there are some perl scripts that will
> fetch and verify the root zone, edit the apex NS and DNSKEY RRsets,
> re-sign with your local key, and give you a zone you can run on several
> servers
Bob Harold writes:
> This one still needs to be fixed:
Thanks Bob. That was a straight copy; I hope to do a new
version immediately and will certainly make that change.
--
Wes Hardaker
USC/ISI
___
DNSOP mailing list
On Tue, Mar 28, 2017 at 4:34 PM, IETF Secretariat <
ietf-secretariat-re...@ietf.org> wrote:
>
> The DNSOP WG has placed draft-kristoff-dnsop-dns-tcp-requirements in
> state
> Candidate for WG Adoption (entered by Tim Wicinski)
>
> The document is available at
>
On Apr 6, 2017, at 11:25 AM, Matthew Pounsett
> wrote:
On 15 March 2017 at 13:31, Paul Hoffman
> wrote:
Greetings again. RSSAC has published a lexicon of terms that are commonly used
with
On 15 March 2017 at 13:31, Paul Hoffman wrote:
> Greetings again. RSSAC has published a lexicon of terms that are commonly
> used with respect to the root of the public DNS, but are not in RFC 7719. I
> have opened an issue for the terminology-bis document at
>
Jelte Jansen wrote:
>
> We can certainly discuss alternative schemes, RSASSA-PSS is a potential
> alternative, which I understand is considered (much?) better. It has a
> big drawback though, in that it requires salt, which can be a big issue
> for large deployments.
As I
Bjørn Mork wrote:
> Tony Finch writes:
...
>> You might be able to work around the problem by adding a
>> match-recursion-only option to the recursive view, and adding a
>> non-recursive view that has allow-query-cache, and use attach-cache
>> so all views share the same cache. I
Bjørn Mork wrote:
>
> Recently I noticed a side effect of this configuration which I consider
> unwanted and unexpected: It changes how BIND replies to requests without
> the RD bit set. BIND will normally answer such requests with a "best
> possible redirection", using any
Hello,
We are currently trying out the configuration recommended by RFC7706,
serving a copy of the root zone on a loopback. We are using BIND 9.10
and our configuration is directly copied from the example in appendix
B.1. Even down to the actual loopback address used, as we needed a
dedicated
On 2017-04-05 16:50, Mukund Sivaraman wrote:
>> Also, it is weird that a draft that is about having a fallback if a hash
>> algorithm becomes weakened uses the RSASSA-PKCS1-v1_5 signature scheme,
>> given that PKCS1 1.5 is already known to be weakened.
>
> It was to allow simple addition of the
13 matches
Mail list logo