Hello,
(re-sending to list)
I would like to find a solution which covers other possible failure modes than
SERVFAIL, too.
Looking at BIND 9.9, it sometimes can return NXDOMAIN or even NOERROR when
validation fails for some obscure reasons.
E.g. an attempt to invent private TLD like 'mycompany'
On Wed, Jun 03, 2015 at 08:40:16AM +0200, Petr Spacek wrote:
Could this be added to agenda for IETF 93? Does it make sense to discuss
it there?
Unfortunately I won't be in Prague, but I do expect to be in Yokohama.
If you or someone else would like to push the idea forward in my absence,
that's
On Wed, Feb 11, 2015 at 05:36:22PM +0100, Petr Spacek wrote:
In other words, I do not think we can prevent people from doing crazy things
just by obscuring format of diagnostics data. I'm sure somebody will try to
parse free-form string 'signature expired 1 week ago' and do some decisions
from
On Wed, Feb 11, 2015 at 03:44:31PM +0100, Pier Carlo Chiodi wrote:
Wild idea: Could it be solved by adding more information to SERVFAIL
answer?
a draft was proposed with this very topic, but it's expired now:
https://datatracker.ietf.org/doc/draft-hunt-dns-server-diagnostics/
I'd be
Hi Petr,
This has been discussed in the past a few times and died as people could not
agree on what the format of the record was going to be, if it was going to be
useful for human or computers
etc.
The first idea was probably presented in 1987 by Robert Watson and myself
On 11.2.2015 17:08, Evan Hunt wrote:
On Wed, Feb 11, 2015 at 03:44:31PM +0100, Pier Carlo Chiodi wrote:
Wild idea: Could it be solved by adding more information to SERVFAIL
answer?
a draft was proposed with this very topic, but it's expired now:
Hello dnsop,
while implementing DNSSEC validation into Fedora/RHEL distributions we face
problems with debugging SERVFAILs seen by stub resolvers because different
causes of SERVFAILs are indistinguishable.
Even in cases where we have access to server logs (e.g. because the validating
resolver
Hello,
On 2015-02-11 15:18, Petr Spacek wrote:
while implementing DNSSEC validation into Fedora/RHEL distributions we
face
problems with debugging SERVFAILs seen by stub resolvers because
different
causes of SERVFAILs are indistinguishable.
...
Wild idea: Could it be solved by adding more