* Ray Bellis:
I've just submitted the following draft.
This will work for a short time only because those proxies will likely
be changed to return their own address for DOMAIN.LOCAL.ARPA.
You cannot rely on a NXDOMAIN response for DOMAIN.LOCAL.ARPA when the
resolver does not support this
This will work for a short time only because those proxies will likely
be changed to return their own address for DOMAIN.LOCAL.ARPA.
The draft specifically prohibits this. Of course vendors _do_ ignore
RFCs, otherwise this draft wouldn't be necessary. However we'd be in a
good position to
* Alex Bligh:
Could you amplify a bit on this one? I think what you are saying is
that recursive servers which do not support DOMAIN.LOCAL.ARPA
(and hence don't strip it out of any response to a recursive
query) can be subject to poisoning attacks which will result in
duff nameserver records
In message 82ljj61gle@mid.bfk.de, Florian Weimer writes:
* Alex Bligh:
Could you amplify a bit on this one? I think what you are saying is
that recursive servers which do not support DOMAIN.LOCAL.ARPA
(and hence don't strip it out of any response to a recursive
query) can be
On 2009-10-20, at 19:29, Mark Andrews wrote:
ARPA will soon be signed, so I don't think this is much to worry
about. If the powers that be finally agree to make NXDOMAIN/NODATA
synthesis the default in the upcoming minor DNSSEC revision, this
will
also help to cut down the number of
On Tue, Oct 20, 2009 at 07:38:19PM -0400, Joe Abley wrote:
On 2009-10-20, at 19:29, Mark Andrews wrote:
ARPA will soon be signed, so I don't think this is much to worry
about. If the powers that be finally agree to make NXDOMAIN/NODATA
synthesis the default in the upcoming minor DNSSEC
In message 1f61dd04-14a6-4349-8650-9cf27d27c...@hopcount.ca, Joe Abley writes
:
On 2009-10-20, at 19:29, Mark Andrews wrote:
ARPA will soon be signed, so I don't think this is much to worry
about. If the powers that be finally agree to make NXDOMAIN/NODATA
synthesis the default in the
- Original Message -
From: Alfred H�nes a...@tr-sys.de
To: draft-yao-dnsop-idntld-implementat...@cabernet.tools.ietf.org
Cc: namedropp...@ops.ietf.org; dnsop@ietf.org
Sent: Friday, October 16, 2009 9:53 PM
Subject: [DNSOP] draft-yao-dnsop-idntld-implementation-00 and DNAME
Authors: