[ I'm also posting a separate copy to dns-operati...@dns-oarc.net ]
In light of the observations in:
https://tools.ietf.org/html/draft-york-dnsop-deploying-dnssec-crypto-algs-05#section-2.3.1
I thought it would be useful to take another look at current practice.
To that end, I gathered
On 19 Dec 2017, at 10:08, Martin Hoffmann wrote:
> Except that "child zone" should probably be "subordinate zones" or
> something similar to also include (great)*grandchildren.
If "ancestor" were acceptable, then the natural counterpart would be
"descendant".
0,02
Niall O'Reilly
On 19 Dec 2017, at 7:09, Richard Gibson wrote:
> 1\. "Domain name" is defined as «an ordered list of one or more labels…
> identifying a portion along one edge of a directed acyclic graph» (presumably
> starting at the root).
I'm not sure why one would presume to start there. As I read the
On 21/12/2017 15:36, Robert Story wrote:
> I reread the draft today, and noticed that two things aren't specified.
> The first is the contents of the A/ RRSET returned, and the second
> is the TTL for the records.
>
> Maybe the A/ record values could be used to return additional
>
you guys are killing me with this thread.
On 12/21/2017 07:31 AM, Niall O'Reilly wrote:
On 19 Dec 2017, at 7:09, Richard Gibson wrote:
1. "Domain name" is defined as «an ordered list of one or more
labels… identifying a portion along one edge of a directed acyclic
graph» (presumably starting at the root).
I'm not sure why
On Tue, Dec 19, 2017 at 02:58:57PM +0500,
Tariq Saraj wrote
a message of 1158 lines which said:
> using a firewall based on domain names can be simply bypassed by
> accessing websites through IP address.
No, no, this is absolutely not what I was talking about. Instead,
I reread the draft today, and noticed that two things aren't specified.
The first is the contents of the A/ RRSET returned, and the second
is the TTL for the records.
Maybe the A/ record values could be used to return additional
details? For example, whether or not the key is part of
On Mon, Dec 18, 2017 at 09:29:58AM -0500,
Ted Lemon wrote
a message of 176 lines which said:
> Now that I've attempted to compose this reply, it seems to me, and
> perhaps was obvious to other readers more quickly because they're at
> 20kft and not 1ft on this, that your
On 18 Dec 2017, at 14:11, Stephane Bortzmeyer wrote:
>> IN-BAILIWICK
>
> ...
>
>> Also, on behalf on non-native speakers, a short explanation of the
>> origin of the term would perhaps be nice.
>
> I like the Wiktionary (and it can be copied freely into a RFC):
I like this suggestion.
As a
On 12/21/2017 02:17 PM, Niall O'Reilly wrote:
On 21 Dec 2017, at 16:06, Richard Gibson wrote:
first, because it's consistent with the rest of the document in its current form (for
example, the very next sentence after my quoted text describes how a fully qualified
domain name "begins at the
On 21 Dec 2017, at 16:06, Richard Gibson wrote:
> Two reasons why I presume edge direction to be away from the root:
> first, because it's consistent with the rest of the document in its current
> form (for example, the very next sentence after my quoted text describes how
> a fully qualified
hi Bortzmeyer,
there are still some issues with
>Any 50 US $ OpenWRT router can do it (iptables accepts domain names).
>% sudo iptables -A OUTPUT -d www.example.com -j DROP
>% sudo iptables -n -v -L OUTPUT
>Chain OUTPUT (policy ACCEPT 184 packets, 22306 bytes)
> pkts bytes target prot opt
13 matches
Mail list logo