On Tue, Jul 25, 2023 at 08:19:21PM -0700, Brian Dickson wrote:
> At the name that does not exist, generate and sign (on the fly) a CNAME
> record with RDATA of something like "nxname.empty.as112.arpa" (or something
> functionally equivalent).
Sadly, this reports that the CNAME *target* does not
On Tue, Jul 25, 2023 at 3:39 PM Shumon Huque wrote:
> On Tue, Jul 25, 2023 at 11:28 AM Viktor Dukhovni
> wrote:
>
>> On Tue, Jul 25, 2023 at 10:43:25AM -0700, Shumon Huque wrote:
>>
>> > Ok, yes, I understand now, thanks. An NXNAME ignorant validator
>> > will treat a response to a query for
On Tue, Jul 25, 2023 at 03:39:01PM -0700, Shumon Huque wrote:
> Viktor - your original suggestion was to only define the ENT sentinel
> instead of NXNAME. How would that solve the problem of systems and
> applications needing to precisely obtain the NXDOMAIN signal. Resolvers
> won't then be able
On Tue, Jul 25, 2023 at 11:28 AM Viktor Dukhovni
wrote:
> On Tue, Jul 25, 2023 at 10:43:25AM -0700, Shumon Huque wrote:
>
> > Ok, yes, I understand now, thanks. An NXNAME ignorant validator
> > will treat a response to a query for the NXNAME type specifically
> > as bogus, and could spray a
On Tue, Jul 25, 2023 at 10:43:25AM -0700, Shumon Huque wrote:
> Ok, yes, I understand now, thanks. An NXNAME ignorant validator
> will treat a response to a query for the NXNAME type specifically
> as bogus, and could spray a bunch of follow-on queries to other
> servers for the zone before
>
> I don't know much about the state of client implementations.
Regarding client implementations, for the one we use on iOS/macOS/etc, we built
this into our happy eyeballs algorithm — so as we receive addresses from the
hints in SVCB, and A, and , we add them to our list that we are
On Tue, Jul 25, 2023 at 8:42 AM Viktor Dukhovni
wrote:
> On Tue, Jul 25, 2023 at 07:35:41AM -0700, Shumon Huque wrote:
>
> > > 2. That said, there are multiple ways to *distinguish* ENT vs.
> NXDOMAIN
> > > responses:
> > >
> > > a. Sentinel RTYPE for NXDOMAIN with just NSEC +
On Tue, Jul 25, 2023 at 07:35:41AM -0700, Shumon Huque wrote:
> > 2. That said, there are multiple ways to *distinguish* ENT vs. NXDOMAIN
> > responses:
> >
> > a. Sentinel RTYPE for NXDOMAIN with just NSEC + RRSIG for ENT.
> > b. Sentinel RTYPE for ENT with just NSEC +
On Mon, Jul 24, 2023 at 1:55 PM Viktor Dukhovni
wrote:
> In today's session we had some discussion of the choice of sentinel
> RTYPEs for ENTs vs. NXDOMAIN.
>
> There isn't much in the meeting to cover the fine details of various
> alternatives, so I hope a followup message will make my comments
On Mon, Jul 24, 2023 at 07:08:29PM -0700, Brian Dickson wrote:
> I believe there are three potential query/answer things that on-line
> signers want to compactly respond to:
>
>1. Name exists, other types exist, queried type does not exist
>2. Name exists, no types exist (ENT), queried
On Tue, Jul 25, 2023 at 11:56, Abdussalam Baryun
<[abdussalambar...@gmail.com](mailto:On Tue, Jul 25, 2023 at 11:56, Abdussalam
Baryun < wrote:
> IMHO, the doc does make changes to two RFCs which are normative, so this LC
> document should update RFC1035 and RFC 6891. If you agree please
IMHO, the doc does make changes to two RFCs which are normative, so this LC
document should update RFC1035 and RFC 6891. If you agree please mention
that in the document.
AB
On Tue, Jul 25, 2023 at 11:17 AM Nicolai Leymann via Datatracker <
nore...@ietf.org> wrote:
> Reviewer: Nicolai Leymann
>
Reviewer: Nicolai Leymann
Review result: Ready with Nits
I am the designated DNS Directorate reviewer for draft-ietf-dnsop-zoneversion.
The draft is well written and defines an EDNS option which can be used for
debugging purposes.
In general I think the draft is ready for publication.
Nits:
13 matches
Mail list logo