On Fri, Jul 27, 2018 at 06:17:37PM -0400, Paul Wouters wrote:
> we can do AXFR but that would keep the root servers mission critical.
Also, the only currently practical channel security for AXFR is TSIG and
it can't scale to hundreds of thousands of clients.
Speaking as an implementer, I like
On Fri, 27 Jul 2018, Warren Kumari wrote:
This can, but does not have, to be built into the nameserver itself.
Those are just more arguments to not have a DNS checksum/sig option.
What I see is that:
We are looking at a way to distribute the root zone, presumably to
make the root servers
At Fri, 27 Jul 2018 16:43:44 -0400,
Warren Kumari wrote:
> > Right, so I think one main question is why the root DNS zone case is
> > so special that a protocol extension is justified. Personally, I'm
> > not yet fully convinced about it through the discussion so far. As
> > several other
On Fri, Jul 27, 2018 at 3:02 PM 神明達哉 wrote:
>
> At Fri, 27 Jul 2018 10:59:53 +0800,
> Davey Song wrote:
>
> > > The problem is that when you have every recursive server in the world with
> > > a copy of the root zone from “random places” you want to reduce the
> > > possible error spaces into
At Fri, 27 Jul 2018 10:59:53 +0800,
Davey Song wrote:
> > The problem is that when you have every recursive server in the world with
> > a copy of the root zone from “random places” you want to reduce the
> > possible error spaces into manageable chunks when things go wrong which
> > they will.
On Thu, Jul 26, 2018 at 09:33:20PM -0700, Spencer Dawkins wrote:
> --
> COMMENT:
> --
[snip]
>
> This next one is well within the "Spencer wouldn't have done it
In article
you write:
>-=-=-=-=-=-
>
>Let me play Candide and stumble into this naively. If we’re imagining very
>wide spread distribution of the root zone, say 100,000 or 1,000,000 local
>copies distributed twice a day, I would expect the evolution of a set of
>trusted sources and the use of
Benjamin Kaduk has entered the following ballot position for
draft-ietf-dnsop-session-signal-12: Discuss
When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)
Please refer
On Thu, Jul 26, 2018 at 11:07 PM Mark Andrews wrote:
>
>
> > On 27 Jul 2018, at 12:39 pm, Steve Crocker wrote:
> >
> > The passage below puzzles me. Why do you want servers to get the root
> zone from less trusted sources?
>
> 1) to spread load.
> 2) not all recursive servers have direct
On Fri, Jul 27, 2018 at 7:28 AM Jim Reid wrote:
>
> > On 27 Jul 2018, at 12:17, Tony Finch wrote:
> >
> > Ah, the obvious solution is to deprecate zone files and just ship update
> > journals instead!
>
> Why not go for distributed hash tables? :-)
>
> Says he running away to watch the
> On 27 Jul 2018, at 12:17, Tony Finch wrote:
>
> Ah, the obvious solution is to deprecate zone files and just ship update
> journals instead!
Why not go for distributed hash tables? :-)
Says he running away to watch the fireworks from a safe distance...
Paul Vixie wrote:
>
> egads, i may have stumbled upon a use case for block chains.
Ah, the obvious solution is to deprecate zone files and just ship update
journals instead!
Tony.
--
f.anthony.n.finchhttp://dotat.at/
Viking, North Utsire, South Utsire: Southeasterly 5 to 7, occasionally 4
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Domain Name System Operations WG of the IETF.
Title : A Common Operational Problem in DNS Servers - Failure
To Respond.
Authors : M. Andrews
13 matches
Mail list logo