Re: [DNSOP] definitions of "public DNS Service"

2020-05-22 Thread Paul Vixie
On Friday, 22 May 2020 21:59:11 UTC Bill Woodcock wrote: > > On May 22, 2020, at 3:38 AM, Paul Vixie wrote: > > ... > > > > these services aren't public in any way, and should not be described as > > public. they are operated privately for private purposes > > True of Google and Cloudflare, not

Re: [DNSOP] definitions of "public DNS Service"

2020-05-22 Thread dagon
On Fri, May 22, 2020 at 10:55:34AM +1000, George Michaelson wrote: > My Colleague George Kuo asked me for definitions of public DNS > service. not "public DNS" but the trigram "public DNS service" Is there room for this bike: 1) Policy: A "public DNS service" is a full DNS speaker outside of

Re: [DNSOP] Second Working Group Last Call for: Message Digest for DNS Zones

2020-05-22 Thread Tim Wicinski
Michael Thanks for reviewing the -06 changes and thanks for dropping your objections. I will work with the authors on cleaning up the text. As for your comments on Standards Track, as a chair and not a chair, I have moved back toward not making this Standards Track, but Informational. I will need

Re: [DNSOP] definitions of "public DNS Service"

2020-05-22 Thread Bill Woodcock
> On May 22, 2020, at 3:38 AM, Paul Vixie wrote: > > On Friday, 22 May 2020 00:55:34 UTC George Michaelson wrote: >> My Colleague George Kuo asked me for definitions of public DNS >> service. not "public DNS" but the trigram "public DNS service" >> >> Colloquially we understand this reasonably

Re: [DNSOP] Second Working Group Last Call for: Message Digest for DNS Zones

2020-05-22 Thread Michael StJohns
Hi - With the change to remove ZONEMD from the calculation (apparently in -06), I no longer have any objections related to future proofing. But, with the change, the text needs some additional clean up. Instead of the current section 3 - use something like this: >> 3. Updating the Zone for Z

Re: [DNSOP] Glue is not optional, but sometimes it *is* sufficient...

2020-05-22 Thread John Levine
In article you write: >So it seems compared the other DNS problems, this is pretty much >non-existing. It seems to me it's more a policy issue than a technical one. It's technically trivial for any zone manager to compare the glue in the zone with the delegated entries and see what's different.

Re: [DNSOP] definitions of "public DNS Service"

2020-05-22 Thread Tony Finch
I think despite what Paul H. said this is already covered in RFC 8499: Open resolver: A full-service resolver that accepts and processes queries from any (or nearly any) client. This is sometimes also called a "public resolver", although the term "public resolver" is used mo

Re: [DNSOP] Glue is not optional, but sometimes it *is* sufficient...

2020-05-22 Thread Tony Finch
Shumon Huque wrote: > > Here's the announcement of that change from Verisign (January 2010): > > https://lists.dns-oarc.net/pipermail/dns-operations/2010-January/004841.html That's the one! - point 2 was what I was thinking of. The way they handle glue under domains that are on hold is very trick

Re: [DNSOP] Glue is not optional, but sometimes it *is* sufficient...

2020-05-22 Thread Paul Wouters
On Fri, 22 May 2020, Joe Abley wrote: It'd be interesting to continue this kind of experiment over time and see where the success rate for those queries is trending. Although the 2010 announcement email listed only 2829 out of what? 70M domains? And that was before DNSSEC and servers like unb

Re: [DNSOP] definitions of "public DNS Service"

2020-05-22 Thread Andrew Campling
On Friday, 22 May 2020 02:38 Paul Vixie wrote: > > On Friday, 22 May 2020 00:55:34 UTC George Michaelson wrote: >> My Colleague George Kuo asked me for definitions of public DNS >> service. not "public DNS" but the trigram "public DNS service" >> >> Colloquially we understand this reasonably wel

Re: [DNSOP] Glue is not optional, but sometimes it *is* sufficient...

2020-05-22 Thread Shumon Huque
On Fri, May 22, 2020 at 10:52 AM Joe Abley wrote: > On 21 May 2020, at 16:07, Warren Kumari wrote: > > > What does all of this *mean*? > > .. > > .. > > .. > > Sorry, I haven't a clue, other than maybe: > > The DNS is weird. > > In your experiment it seems clear that all the glue records you are

Re: [DNSOP] Glue is not optional, but sometimes it *is* sufficient...

2020-05-22 Thread John R Levine
On Fri, 22 May 2020, Joe Abley wrote: I think that some of the things you have been looking at concern orphan glue, John -- glue records that have been promoted to authoritative, signed RRSets in the TLD zone following the removal of a zone cut. I think what Warren is talking about is the beha

Re: [DNSOP] Glue is not optional, but sometimes it *is* sufficient...

2020-05-22 Thread Joe Abley
On 21 May 2020, at 16:07, Warren Kumari wrote: > What does all of this *mean*? > .. > .. > .. > Sorry, I haven't a clue, other than maybe: > The DNS is weird. In your experiment it seems clear that all the glue records you are looking for are being returned from the involved authority-only serv

Re: [DNSOP] Glue is not optional, but sometimes it *is* sufficient...

2020-05-22 Thread Shumon Huque
On Fri, May 22, 2020 at 10:44 AM Joe Abley wrote: > Hi Tony, > > On 22 May 2020, at 08:47, Tony Finch wrote: > > > John R Levine wrote: > >> > >> A week or two ago I scanned TLD zone files to see how many signed A > and > >> records there were. Quite a lot, most looks to be orphan glue i

Re: [DNSOP] Glue is not optional, but sometimes it *is* sufficient...

2020-05-22 Thread Joe Abley
Hi Tony, On 22 May 2020, at 08:47, Tony Finch wrote: > John R Levine wrote: >> >> A week or two ago I scanned TLD zone files to see how many signed A and >> records there were. Quite a lot, most looks to be orphan glue in Afilias >> zones that they didn't delete after the registered zone went away. I vaguely remember a policy change in .com and .n

Re: [DNSOP] Glue is not optional, but sometimes it *is* sufficient...

2020-05-22 Thread Joe Abley
Hi John, On 21 May 2020, at 17:41, John Levine wrote: > In article > you > write: >> What if you *only* have glue, and no authoritative answer / server? >> Can I register example.com, put in www.example.com A 192.0.2.1 as >> glue, and not bother with this whole annoying authoritative server >

Re: [DNSOP] Glue is not optional, but sometimes it *is* sufficient...

2020-05-22 Thread Andrew Sullivan
[ObDisclaimer: I work for ISOC, but don't speak for them.] On Fri, May 22, 2020 at 09:24:51AM -0400, John R Levine wrote: I believe that the policy is to remove orphan glue, and the glue in the Afilias zones is due to software bugs. It's not just .org, it's also .info and .mobi and other zone

Re: [DNSOP] Glue is not optional, but sometimes it *is* sufficient...

2020-05-22 Thread John R Levine
On Fri, 22 May 2020, Tony Finch wrote: I vaguely remember a policy change in .com and .net years ago when they stopped including orphan glue in the zones. Was this to do with prep work for DNSSEC? I'm slightly surprised .org didn't follow suit. I believe that the policy is to remove orphan glue

Re: [DNSOP] Glue is not optional, but sometimes it *is* sufficient...

2020-05-22 Thread Tony Finch
John R Levine wrote: > > A week or two ago I scanned TLD zone files to see how many signed A and > records there were. Quite a lot, most looks to be orphan glue in Afilias > zones that they didn't delete after the registered zone went away. I vaguely remember a policy change in .com and .n

Re: [DNSOP] Glue is not optional, but sometimes it *is* sufficient...

2020-05-22 Thread Andrew Sullivan
[ObDisclaim: I work for the Internet Society, but I'm not speaking for them.] On Thu, May 21, 2020 at 05:51:37PM -0400, Warren Kumari wrote: These IPs are only in the ADDITIONAL section - they should not be used as answers. Are you quite sure they're not getting used as answers though? Are yo