[DNSOP] NSEC3PARAM iteration count update

2017-12-21 Thread Viktor Dukhovni
[ I'm also posting a separate copy to dns-operati...@dns-oarc.net ] In light of the observations in: https://tools.ietf.org/html/draft-york-dnsop-deploying-dnssec-crypto-algs-05#section-2.3.1 I thought it would be useful to take another look at current practice. To that end, I gathered

Re: [DNSOP] Please review in terminology-bis: In-bailiwick, Out-of-bailiwick, In-domain, Sibling domain

2017-12-21 Thread Niall O'Reilly
On 19 Dec 2017, at 10:08, Martin Hoffmann wrote: > Except that "child zone" should probably be "subordinate zones" or > something similar to also include (great)*grandchildren. If "ancestor" were acceptable, then the natural counterpart would be "descendant". 0,02 Niall O'Reilly

Re: [DNSOP] Review of draft-ietf-dnsop-terminology-bis-08

2017-12-21 Thread Niall O'Reilly
On 19 Dec 2017, at 7:09, Richard Gibson wrote: > 1. "Domain name" is defined as «an ordered list of one or more labels… > identifying a portion along one edge of a directed acyclic graph» (presumably > starting at the root). I'm not sure why one would presume to start there. As I read the

Re: [DNSOP] kskroll-sentinel responses

2017-12-21 Thread Ray Bellis
On 21/12/2017 15:36, Robert Story wrote: > I reread the draft today, and noticed that two things aren't specified. > The first is the contents of the A/ RRSET returned, and the second > is the TTL for the records. > > Maybe the A/ record values could be used to return additional >

Re: [DNSOP] Review of draft-ietf-dnsop-terminology-bis-08

2017-12-21 Thread Paul Vixie
you guys are killing me with this thread.

Re: [DNSOP] Review of draft-ietf-dnsop-terminology-bis-08

2017-12-21 Thread Richard Gibson
On 12/21/2017 07:31 AM, Niall O'Reilly wrote: On 19 Dec 2017, at 7:09, Richard Gibson wrote: 1. "Domain name" is defined as «an ordered list of one or more labels… identifying a portion along one edge of a directed acyclic graph» (presumably starting at the root). I'm not sure why

Re: [DNSOP] DNSOP Digest, Vol 132, Issue 53

2017-12-21 Thread Stephane Bortzmeyer
On Tue, Dec 19, 2017 at 02:58:57PM +0500, Tariq Saraj wrote a message of 1158 lines which said: > using a firewall based on domain names can be simply bypassed by > accessing websites through IP address. No, no, this is absolutely not what I was talking about. Instead,

[DNSOP] kskroll-sentinel responses

2017-12-21 Thread Robert Story
I reread the draft today, and noticed that two things aren't specified. The first is the contents of the A/ RRSET returned, and the second is the TTL for the records. Maybe the A/ record values could be used to return additional details? For example, whether or not the key is part of

Re: [DNSOP] Please review in terminology-bis: Global DNS and Private DNS

2017-12-21 Thread Stephane Bortzmeyer
On Mon, Dec 18, 2017 at 09:29:58AM -0500, Ted Lemon wrote a message of 176 lines which said: > Now that I've attempted to compose this reply, it seems to me, and > perhaps was obvious to other readers more quickly because they're at > 20kft and not 1ft on this, that your

Re: [DNSOP] Review of draft-ietf-dnsop-terminology-bis-08

2017-12-21 Thread Niall O'Reilly
On 18 Dec 2017, at 14:11, Stephane Bortzmeyer wrote: >> IN-BAILIWICK > > ... > >> Also, on behalf on non-native speakers, a short explanation of the >> origin of the term would perhaps be nice. > > I like the Wiktionary (and it can be copied freely into a RFC): I like this suggestion. As a

Re: [DNSOP] Review of draft-ietf-dnsop-terminology-bis-08

2017-12-21 Thread Richard Gibson
On 12/21/2017 02:17 PM, Niall O'Reilly wrote: On 21 Dec 2017, at 16:06, Richard Gibson wrote: first, because it's consistent with the rest of the document in its current form (for example, the very next sentence after my quoted text describes how a fully qualified domain name "begins at the

Re: [DNSOP] Review of draft-ietf-dnsop-terminology-bis-08

2017-12-21 Thread Niall O'Reilly
On 21 Dec 2017, at 16:06, Richard Gibson wrote: > Two reasons why I presume edge direction to be away from the root: > first, because it's consistent with the rest of the document in its current > form (for example, the very next sentence after my quoted text describes how > a fully qualified

Re: [DNSOP] DNSOP Digest, Vol 132, Issue 53

2017-12-21 Thread Tariq Saraj
Hi Bortzmeyer, there are still some issues with >Any 50 US $ OpenWRT router can do it (iptables accepts domain names). >% sudo iptables -A OUTPUT -d www.example.com -j DROP >% sudo iptables -n -v -L OUTPUT >Chain OUTPUT (policy ACCEPT 184 packets, 22306 bytes) > pkts bytes target prot opt