Re: [DNSOP] Fwd: I-D Action: draft-song-atr-large-resp-00.txt

2017-09-13 Thread Lanlan Pan
Paul Vixie wrote on Tue, Sep 12, 2017 at 11:14 PM: > > > Stephane Bortzmeyer wrote: > > On Tue, Sep 12, 2017 at 09:50:37AM +, > > Lanlan Pan wrote > > a message of 210 lines which said: > > > >> ATR makes Authoritative Servers send normal big response packet > >>

Re: [DNSOP] DNSOP Call for Adoption - draft-west-let-localhost-be-localhost

2017-09-13 Thread Lanlan Pan
not only localhost.example.com: http://seclists.org/bugtraq/2008/Jan/270 If xxx.example.com is NXDOMAIN, there is a similar risk caused by the "nxdomain redirect" recursive DNS (they return a hijacked A RR). CA SSO (siteminder) may be a solution. localhost. seems to be a new special-use TLD, like arpa.

Re: [DNSOP] DNSOP Call for Adoption - draft-west-let-localhost-be-localhost

2017-09-13 Thread Ted Lemon
You've made your position clear, thanks. On Sep 13, 2017 20:54, "Mark Andrews" wrote: > > In message <714677ea-e3c8-4145-825c-5ba8eabd0...@fugue.com>, Ted Lemon > writes: > > > > On Sep 13, 2017, at 1:19 PM, John Levine wrote: > > > I concur with Mark that while

Re: [DNSOP] DNSOP Call for Adoption - draft-west-let-localhost-be-localhost

2017-09-13 Thread Mark Andrews
In message <714677ea-e3c8-4145-825c-5ba8eabd0...@fugue.com>, Ted Lemon writes: > > On Sep 13, 2017, at 1:19 PM, John Levine wrote: > > I concur with Mark that while localhost. is a problem, > > .localhost is not. I've occasionally used that hack to pass > > traffic to various

Re: [DNSOP] DNSOP Call for Adoption - draft-west-let-localhost-be-localhost

2017-09-13 Thread Ted Lemon
On Sep 13, 2017, at 1:19 PM, John Levine wrote: > I concur with Mark that while localhost. is a problem, > .localhost is not. I've occasionally used that hack to pass > traffic to various servers running on 127/8 addresses other than > 127.0.0.1. So we should expose end-users

Re: [DNSOP] DNSOP Call for Adoption - draft-west-let-localhost-be-localhost

2017-09-13 Thread Ted Lemon
On Sep 13, 2017, at 12:46 PM, Matthew Pounsett wrote: > I thought the goal was to ensure that localhost names map to loopback. No. If that were the goal, we might well be proposing using DNS to provide that information. The goal is to make localhost less of an attack

[DNSOP] I-D Action: draft-ietf-dnsop-rfc5011-security-considerations-04.txt

2017-09-13 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Domain Name System Operations WG of the IETF. Title : Security Considerations for RFC5011 Publishers Authors : Wes Hardaker

Re: [DNSOP] DNSOP Call for Adoption - draft-west-let-localhost-be-localhost

2017-09-13 Thread Wes Hardaker
Tony Finch writes: > From my brief look at a small amount of traffic, localhost queries are > basically all handled inside the stub, so it is de facto as you > describe. Just as an FYI data point: On April 12th (a DITL day) B-root received just shy of a million packets with

Re: [DNSOP] DNSOP Call for Adoption - draft-west-let-localhost-be-localhost

2017-09-13 Thread John Levine
In article <20170913030645.946e88551...@rock.dv.isc.org> you write: >> When we look at edge cases like this, it's tempting to be swept away by >> the futility of trying to close every gap. But it's still worth closing >> the ones we can close. Trying to outlaw localhost.* is hopeless. But >>

[DNSOP] Responding to MSJ review of the previous rfc5011-security-considerations

2017-09-13 Thread Wes Hardaker
Mike, after your lengthy last review I went through and carefully made sure each of your comments was considered. Most resulted in changes, a few seemed to be just comments and there was nothing to do, and two we didn't think were correct. Below is the summary of the changes in the most recent

Re: [DNSOP] I-D Action: draft-ietf-dnsop-rfc5011-security-considerations-03.txt

2017-09-13 Thread Wes Hardaker
Bob Harold writes: > "T-29" should be "T+29" Good catch; thank you! -- Wes Hardaker USC/ISI ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop

Re: [DNSOP] DNSOP Call for Adoption - draft-west-let-localhost-be-localhost

2017-09-13 Thread Matthew Pounsett
On 12 September 2017 at 20:14, Ted Lemon wrote: > On Sep 12, 2017, at 11:06 PM, Mark Andrews wrote: > > Oh sorry you can't use SRV with localhost to assign a port to this > protocol THAT HAS NO DEFAULT PORT and only a NAME. Is this what you > REALLY want to do?

Re: [DNSOP] DNSOP Call for Adoption - draft-west-let-localhost-be-localhost

2017-09-13 Thread John Levine
In article <153c19cc-3120-466a-a158-a9833a2d1...@powerdns.com> you write: >> I agree that localhost. pointing to loopback is generally asking >> for trouble, but I am not at this point sufficiently confident that it >> is never ever a good idea to say MUST NOT rather than SHOULD NOT. I >> can for

Re: [DNSOP] I-D Action: draft-ietf-dnsop-rfc5011-security-considerations-03.txt

2017-09-13 Thread Bob Harold
On Tue, Sep 12, 2017 at 7:25 PM, wrote: > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > This draft is a work item of the Domain Name System Operations WG of the > IETF. > > Title : Security Considerations for

[DNSOP] Re: Fwd: I-D Action: draft-song-atr-large-resp-00.txt

2017-09-13 Thread 宋林健
Sorry, you are right. > -Original Message- > From: Davey Song(宋林健) [mailto:ljs...@biigroup.cn] > Sent: September 13, 2017 17:56 > To: 'Lanlan Pan'; 'Davey Song' > Cc: 'dnsop' > Subject: Re: [DNSOP] Fwd: I-D Action: draft-song-atr-large-resp-00.txt > > > > ATR makes Authoritative Servers send normal big response

[DNSOP] Re: Fwd: I-D Action: draft-song-atr-large-resp-00.txt

2017-09-13 Thread 宋林健
> ATR makes Authoritative Servers send normal big response packet before they > try to send TC response for large RRsets? No. Big response packet first, then TC response. Davey

Re: [DNSOP] I-D Action: draft-ietf-dnsop-session-signal-04.txt

2017-09-13 Thread Sara Dickinson
Hi All, Based on the discussions at IETF 99 and on the list this update to the draft makes a number of changes: * The Title of the draft has been changed to ‘DNS Stateful Operations’ (DSO) to reflect the fact that the TLV format is not limited to being used for signalling * The draft now

[DNSOP] I-D Action: draft-ietf-dnsop-session-signal-04.txt

2017-09-13 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Domain Name System Operations WG of the IETF. Title : DNS Stateful Operations Authors : Ray Bellis Stuart Cheshire

Re: [DNSOP] DNSOP Call for Adoption - draft-west-let-localhost-be-localhost

2017-09-13 Thread Peter van Dijk
Hello John, On 13 Sep 2017, at 4:15, John Levine wrote: In article <63da2e77-8507-4f25-8684-14eabf9a5...@powerdns.com> you write: Since we are doing a draft/RFC on what localhost is and is not, I suggest we put some text in there banning (MUST NOT) the practice of having localhost entries (at