Re: [DNSOP] Fw: New Version Notification for draft-bellis-dns-recursive-discovery-00

* Ray Bellis: I've just submitted the following draft. This will work for a short time only because those proxies will likely be changed to return their own address for DOMAIN.LOCAL.ARPA. You cannot rely on a NXDOMAIN response for DOMAIN.LOCAL.ARPA when the resolver does not support this

Re: [DNSOP] Fw: New Version Notification for draft-bellis-dns-recursive-discovery-00

This will work for a short time only because those proxies will likely be changed to return their own address for DOMAIN.LOCAL.ARPA. The draft specifically prohibits this. Of course vendors _do_ ignore RFCs, otherwise this draft wouldn't be necessary. However we'd be in a good position to

Re: [DNSOP] Fw: New Version Notification for draft-bellis-dns-recursive-discovery-00

* Alex Bligh: Could you amplify a bit on this one? I think what you are saying is that recursive servers which do not support DOMAIN.LOCAL.ARPA (and hence don't strip it out of any response to a recursive query) can be subject to poisoning attacks which will result in duff nameserver records

Re: [DNSOP] Fw: New Version Notification for draft-bellis-dns-recursive-discovery-00

In message 82ljj61gle@mid.bfk.de, Florian Weimer writes: * Alex Bligh: Could you amplify a bit on this one? I think what you are saying is that recursive servers which do not support DOMAIN.LOCAL.ARPA (and hence don't strip it out of any response to a recursive query) can be

Re: [DNSOP] Fw: New Version Notification for draft-bellis-dns-recursive-discovery-00

On 2009-10-20, at 19:29, Mark Andrews wrote: ARPA will soon be signed, so I don't think this is much to worry about. If the powers that be finally agree to make NXDOMAIN/NODATA synthesis the default in the upcoming minor DNSSEC revision, this will also help to cut down the number of

Re: [DNSOP] Fw: New Version Notification for draft-bellis-dns-recursive-discovery-00

On Tue, Oct 20, 2009 at 07:38:19PM -0400, Joe Abley wrote: On 2009-10-20, at 19:29, Mark Andrews wrote: ARPA will soon be signed, so I don't think this is much to worry about. If the powers that be finally agree to make NXDOMAIN/NODATA synthesis the default in the upcoming minor DNSSEC

Re: [DNSOP] Fw: New Version Notification for draft-bellis-dns-recursive-discovery-00

In message 1f61dd04-14a6-4349-8650-9cf27d27c...@hopcount.ca, Joe Abley writes : On 2009-10-20, at 19:29, Mark Andrews wrote: ARPA will soon be signed, so I don't think this is much to worry about. If the powers that be finally agree to make NXDOMAIN/NODATA synthesis the default in the

Re: [DNSOP] draft-yao-dnsop-idntld-implementation-00 and DNAME

- Original Message - From: Alfred H�nes a...@tr-sys.de To: draft-yao-dnsop-idntld-implementat...@cabernet.tools.ietf.org Cc: namedropp...@ops.ietf.org; dnsop@ietf.org Sent: Friday, October 16, 2009 9:53 PM Subject: [DNSOP] draft-yao-dnsop-idntld-implementation-00 and DNAME Authors: