Re: [DNSOP] draft-ietf-dnsop-no-response-issue-03

In message <47e7e680-4554-4978-b3a6-17de2690a...@icann.org>, Edward Lewis write s: > On 8/25/16, 17:56, "DNSOP on behalf of Mark Andrews" on behalf of ma...@isc.org> wrote: > > >If you don't want to implement a EDNS than don't implement it. If > you don't

Re: [DNSOP] draft-ietf-dnsop-no-response-issue-03

On 8/25/16, 17:56, "DNSOP on behalf of Mark Andrews" wrote: >If you don't want to implement a EDNS than don't implement it. If you don't want to use a EDNS option with some client then just ignore the option. Similarly for

Re: [DNSOP] draft-ietf-dnsop-no-response-issue-03

Not answering queries has effects on OTHER servers. Because there are servers out there that don't answer EDNS queries or only answer the first EDNS query resolvers have to ASSUME that no answer to a EDNS quere means "NO EDNS". They then make a plain DNS query and get a answer. Those servers

Re: [DNSOP] draft-ietf-dnsop-no-response-issue-03

On Thu, Aug 25, 2016 at 9:23 AM, Tony Finch wrote: > william manning wrote: > >> On Thursday, 25 August 2016, Tony Finch wrote: >> >> > william manning > wrote: >> > >> > > I'm with Ed here, A

Re: [DNSOP] draft-ietf-dnsop-no-response-issue-03

william manning wrote: > On Thursday, 25 August 2016, Tony Finch wrote: > > > william manning > wrote: > > > > > I'm with Ed here, A valid response is silence. > > > > I think it is important for people

Re: [DNSOP] draft-ietf-dnsop-no-response-issue-03

william manning wrote: > I'm with Ed here, A valid response is silence. I think it is important for people producing and deploying DNS server software and DNS-interfering middleboxes to understand the bad consequences of dropping queries or responses. If you

Re: [DNSOP] draft-ietf-dnsop-no-response-issue-03

I'm with Ed here, A valid response is silence. The resolver/client has no way to determine if the lack of a reply is due to the server has chosen silence, or if there was something in-path which dropped the packet. In this case, client misbehaviour is panicking and sending many queries to try

Re: [DNSOP] draft-ietf-dnsop-no-response-issue-03

On Thu, Aug 25, 2016 at 04:35:52AM +, Viktor Dukhovni wrote a message of 89 lines which said: > When a nameserver consistently fails to respond: Add "it may make easier for a third-party to inject bogus responses". See

Re: [DNSOP] draft-ietf-dnsop-no-response-issue-03

See also https://ednscomp.isc.org/compliance/alexa-report.html -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ DNSOP mailing list DNSOP@ietf.org

Re: [DNSOP] draft-ietf-dnsop-no-response-issue-03

On Thu, Aug 18, 2016 at 02:34:54PM +, Edward Lewis wrote: > ##1. Introduction > ## > ## The DNS [RFC1034], [RFC1035] is a query / response protocol. Failure > ## to respond to queries or to respond incorrectly causes both immediate > ## operational problems and long term problems with

Re: [DNSOP] draft-ietf-dnsop-no-response-issue-03

Mark and I sat down and talked about this draft in Berlin, and I have some strong concerns about specific sections (3 and 10), but I also love large parts of the draft. I have a (rather) large sheet of edits for him that I promised him I would get to him. I have failed him. I will effort

Re: [DNSOP] draft-ietf-dnsop-no-response-issue-03

In message , Edward Lewis writes: > > ## A Common Operational Problem in DNS Servers - Failure To Respond. > ## draft-ietf-dnsop-no-response-issue-03 > > I have a lot of high-level concerns with this document. > > ##1.