[DNSOP] I-D Action: draft-thomassen-dnsop-generalized-dns-notify-02.txt

2023-08-07 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This Internet-Draft is a work item of the Domain Name System Operations (DNSOP) WG of the IETF. Title : Generalized DNS Notifications Authors : Johan Stenstam Peter

Re: [DNSOP] I-D Action: draft-thomassen-dnsop-generalized-dns-notify-02.txt

2023-08-07 Thread Peter Thomassen
For now, minor changes only: - added John as an author - explained why using an in-band message format is reasonable (as explained in Johan's talk SFO) Thanks, Peter On 8/7/23 11:52, internet-dra...@ietf.org wrote: A New Internet-Draft is available from the on-line Internet-Drafts

Re: [DNSOP] Compact DoE sentinel choice

2023-08-07 Thread Shumon Huque
Paging this thread back in after a break ... On Tue, Jul 25, 2023 at 8:07 PM Viktor Dukhovni wrote: > On Tue, Jul 25, 2023 at 03:39:01PM -0700, Shumon Huque wrote: > > > Viktor - your original suggestion was to only define the ENT sentinel > > instead of NXNAME. How would that solve the problem

Re: [DNSOP] [Ext] Compact DoE sentinel choice

2023-08-07 Thread Mark Andrews
> On 8 Aug 2023, at 11:27, Shumon Huque wrote: > > On Mon, Aug 7, 2023 at 9:20 PM Mark Andrews wrote: > > You can’t query for NSEC3 records. NSEC3 names do not prevent wildcard > matches nor are NSEC3 records or their RRSIGs returned for * queries at the > hashed name. They are pure

Re: [DNSOP] [Ext] Compact DoE sentinel choice

2023-08-07 Thread Mark Andrews
> On 8 Aug 2023, at 10:58, Shumon Huque wrote: > > On Wed, Jul 26, 2023 at 11:05 PM Edward Lewis wrote: > On 7/24/23, 1:55 PM, "DNSOP on behalf of Viktor Dukhovni" > wrote: > >2. That said, there are multiple ways to *distinguish* ENT vs. NXDOMAIN > >responses: > > > >

Re: [DNSOP] [Ext] Compact DoE sentinel choice

2023-08-07 Thread Shumon Huque
On Wed, Jul 26, 2023 at 11:05 PM Edward Lewis wrote: > On 7/24/23, 1:55 PM, "DNSOP on behalf of Viktor Dukhovni" < > dnsop-boun...@ietf.org on behalf of ietf-d...@dukhovni.org> wrote: > >2. That said, there are multiple ways to *distinguish* ENT vs. > NXDOMAIN > >responses: > > > >

Re: [DNSOP] [Ext] Compact DoE sentinel choice

2023-08-07 Thread Shumon Huque
On Mon, Jul 31, 2023 at 11:58 AM Edward Lewis wrote: > > E.g., while preparing this message I tried these two dig messages: > > dig somename.cloudflare.com a @ns3.cloudflare.com. > and > dig somename.cloudflare.com a > > The first returned NXDOMAIN, the later NoError/NoData. If I were a human >

Re: [DNSOP] [Ext] Compact DoE sentinel choice

2023-08-07 Thread Shumon Huque
On Mon, Aug 7, 2023 at 9:20 PM Mark Andrews wrote: > > You can’t query for NSEC3 records. NSEC3 names do not prevent wildcard > matches nor are NSEC3 records or their RRSIGs returned for * queries at the > hashed name. They are pure metadata. NSEC3 records and their RRSIGs exist > in their