On Tue, Sep 12, 2017 at 11:14 PM, Paul Vixie wrote:
>
>
> Stephane Bortzmeyer wrote:
> > On Tue, Sep 12, 2017 at 09:50:37AM +,
> > Lanlan Pan wrote
> > a message of 210 lines which said:
> >
> >> ATR makes Authoritative Servers send normal big response packet
> >>
not only localhost.example.com : http://seclists.org/bugtraq/2008/Jan/270
if xxx.example.com is NXDOMAIN, there is a similar risk caused by the
"nxdomain redirect" recursive dns (they return a hijack A RR).
CA SSO (siteminder) may be a solution.
localhost. seems a new special-use TLD, like arpa.
You've made your position clear, thanks.
On Sep 13, 2017 20:54, "Mark Andrews" wrote:
>
> In message <714677ea-e3c8-4145-825c-5ba8eabd0...@fugue.com>, Ted Lemon
> writes:
> >
> > On Sep 13, 2017, at 1:19 PM, John Levine wrote:
> > > I concur with Mark that while
In message <714677ea-e3c8-4145-825c-5ba8eabd0...@fugue.com>, Ted Lemon writes:
>
> On Sep 13, 2017, at 1:19 PM, John Levine wrote:
> > I concur with Mark that while localhost. is a problem,
> > .localhost is not. I've occasionally used that hack to pass
> > traffic to various
On Sep 13, 2017, at 1:19 PM, John Levine wrote:
> I concur with Mark that while localhost. is a problem,
> .localhost is not. I've occasionally used that hack to pass
> traffic to various servers running on 127/8 addresses other than
> 127.0.0.1.
So we should expose end-users
On Sep 13, 2017, at 12:46 PM, Matthew Pounsett wrote:
> I thought the goal was to ensure that localhost names map to loopback.
No. If that were the goal, we might well be proposing using DNS to provide
that information. The goal is to make localhost less of an attack
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Domain Name System Operations WG of the IETF.
Title : Security Considerations for RFC5011 Publishers
Authors : Wes Hardaker
Tony Finch writes:
> From my brief look at a small amount of traffic, localhost queries are
> basically all handled inside the stub, so it is de facto as you
> describe.
Just as an FYI data point: On April 12th (a DITL day) B-root received
just shy of a million packets with
In article <20170913030645.946e88551...@rock.dv.isc.org> you write:
>> When we look at edge cases like this, it's tempting to be swept away by
>> the futility of trying to close every gap. But it's still worth closing
>> the ones we can close. Trying to outlaw localhost.* is hopeless. But
>>
Mike, after your lengthy last review I went through and carefully made
sure each of your comments was considered. Most resulted in changes, a
few seemed to be just comments and there was nothing to do, and two we
didn't think were correct. Below is the summary of the changes in the
most recent
Bob Harold writes:
> "T-29" should be "T+29"
Good catch; thank you!
--
Wes Hardaker
USC/ISI
___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
On 12 September 2017 at 20:14, Ted Lemon wrote:
> On Sep 12, 2017, at 11:06 PM, Mark Andrews wrote:
>
> Oh sorry you can't use SRV with localhost to assign a port to this
> protocol THAT HAS NO DEFAULT PORT and only a NAME. Is this what you
> REALLY want to do?
In article <153c19cc-3120-466a-a158-a9833a2d1...@powerdns.com> you write:
>> I agree that localhost. pointing to loopback is generally asking
>> for trouble, but I am not at this point sufficiently confident that it
>> is never ever a good idea to say MUST NOT rather than SHOULD NOT. I
>> can for
On Tue, Sep 12, 2017 at 7:25 PM, wrote:
>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the Domain Name System Operations WG of the
> IETF.
>
> Title : Security Considerations for
Sorry, you are right.
> -----Original Message-----
> From: Davey Song(宋林健) [mailto:ljs...@biigroup.cn]
> Sent: September 13, 2017 17:56
> To: 'Lanlan Pan'; 'Davey Song'
> Cc: 'dnsop'
> Subject: Re: [DNSOP] Fwd: I-D Action: draft-song-atr-large-resp-00.txt
>
>
> > ATR makes Authoritative Servers send normal big response
> ATR makes Authoritative Servers send normal big response packet before they
> try to send TC response for large RRsets ?
No. big response packet first, then TC response.
Davey
Hi All,
Based on the discussions at IETF 99 and on the list this update to the draft
makes a number of changes:
* The Title of the draft has been changed to ‘DNS Stateful Operations’ (DSO) to
reflect the fact that the TLV format is not limited to being used for signalling
* The draft now
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Domain Name System Operations WG of the IETF.
Title : DNS Stateful Operations
Authors : Ray Bellis
Stuart Cheshire
Hello John,
On 13 Sep 2017, at 4:15, John Levine wrote:
In article <63da2e77-8507-4f25-8684-14eabf9a5...@powerdns.com> you
write:
Since we are doing a draft/RFC on what localhost is and is not, I
suggest we put some text in there banning (MUST NOT) the practice of
having localhost entries (at