[DNSOP] The DNSOP WG has placed draft-arends-dns-error-reporting in state "Call For Adoption By WG Issued"

2021-04-06 Thread IETF Secretariat
The DNSOP WG has placed draft-arends-dns-error-reporting in state Call For Adoption By WG Issued (entered by Tim Wicinski) The document is available at https://datatracker.ietf.org/doc/draft-arends-dns-error-reporting/

Re: [DNSOP] NXDOMAIN and RFC 8020

2021-04-06 Thread sthaug
>>> I think this is another point in favor of doing QNAME minimization. >>> RFC7816 (technically experimental, but recommended.) >>> >>> It kind of makes the query order moot; the resolver looks up the shorter >>> name first even while resolving the longer name. >>> >> >> Is there any data or even

Re: [DNSOP] NXDOMAIN and RFC 8020

2021-04-06 Thread John R Levine
On Tue, 6 Apr 2021, Andrew Sullivan wrote: In a somewhat different world where we used RRTYPEs rather than _tag names, we could do tree walks a lot more efficiently. I guess we're now in the world-record running for "somewhat" doing the most amount of work in a sentence? Hey, I'm the guy

Re: [DNSOP] [Ext] Call for Adoption: draft-arends-dns-error-reporting

2021-04-06 Thread Paul Hoffman
On Apr 6, 2021, at 2:07 PM, Benno Overeinder wrote: > > With the IETF 110 DNSOP meeting, the draft DNS Error Reporting > (draft-arends-dns-error-reporting) is presented by Roy Arends. > > In the session, the (virtual) room was asked for adoption of the document or > raise objections. On the

Re: [DNSOP] NXDOMAIN and RFC 8020

2021-04-06 Thread Andrew Sullivan
On Tue, Apr 06, 2021 at 05:41:10PM -0400, John Levine wrote: In a somewhat different world where we used RRTYPEs rather than _tag names, we could do tree walks a lot more efficiently. I guess we're now in the world-record running for "somewhat" doing the most amount of work in a sentence?

Re: [DNSOP] NXDOMAIN and RFC 8020

2021-04-06 Thread John R Levine
_dmarc.newjersey.sales.bigcorp.wtf _dmarc.sales.bigcorp.wtf _dmarc.bigcorp.wtf Sure, but if I query "_dmarc.newjersey.sales.bigcorp.wtf" and I get back an NXDOMAIN for "sales.bigcorp.wtf", I can eliminate at least one query, But you won't, you'll get back an answer for the name you looked

Re: [DNSOP] NXDOMAIN and RFC 8020

2021-04-06 Thread Murray S. Kucherawy
On Tue, Apr 6, 2021 at 2:41 PM John Levine wrote: > In this application, no, because it's not doing a strict tree walk: > > _dmarc.newjersey.sales.bigcorp.wtf > _dmarc.sales.bigcorp.wtf > _dmarc.bigcorp.wtf > > The _dmarc tag means that none of the names is an ancestor of any of > the others. It

Re: [DNSOP] NXDOMAIN and RFC 8020

2021-04-06 Thread Manu Bretelle
On Tue, Apr 6, 2021 at 12:51 PM Shumon Huque wrote: > > On Tue, Apr 6, 2021 at 3:03 PM Murray S. Kucherawy > wrote: >> >> On Tue, Apr 6, 2021 at 11:48 AM Shumon Huque wrote: >>> >>> Without DNSSEC, there is no current way to provide an indication about the >>> longest ancestor of the name

Re: [DNSOP] NXDOMAIN and RFC 8020

2021-04-06 Thread John Levine
It appears that Murray S. Kucherawy said: >I'm wondering something about tree walks, which John Levine asked about in >November, as it's a topic of interest to the evolution of DMARC. > >I've read RFC 8020 which says an NXDOMAIN cached for "foo.example" also >covers later queries

Re: [DNSOP] NXDOMAIN and RFC 8020

2021-04-06 Thread Shumon Huque
On Tue, Apr 6, 2021 at 5:16 PM Murray S. Kucherawy wrote: > On Tue, Apr 6, 2021 at 12:56 PM Brian Dickson < > brian.peter.dick...@gmail.com> wrote: > >> I think this is another point in favor of doing QNAME minimization. >> RFC7816 (technically experimental, but recommended.) >> >> It kind of

Re: [DNSOP] NXDOMAIN and RFC 8020

2021-04-06 Thread Murray S. Kucherawy
On Tue, Apr 6, 2021 at 12:56 PM Brian Dickson wrote: > I think this is another point in favor of doing QNAME minimization. > RFC7816 (technically experimental, but recommended.) > > It kind of makes the query order moot; the resolver looks up the shorter > name first even while resolving the

[DNSOP] Call for Adoption: draft-arends-dns-error-reporting

2021-04-06 Thread Benno Overeinder
With the IETF 110 DNSOP meeting, the draft DNS Error Reporting (draft-arends-dns-error-reporting) is presented by Roy Arends. In the session, the (virtual) room was asked for adoption of the document or raise objections. On the mic there was general support for adoption. Now we will start

Re: [DNSOP] using type65 for https with a non-default port

2021-04-06 Thread Stephen Farrell
Hiya, On 06/04/2021 21:00, Ben Schwartz wrote: Here's a proposal to add an example as you suggest: https://github.com/MikeBishop/dns-alt-svc/pull/311/files LGTM, thanks, S. On Sat, Apr 3, 2021 at 2:44 PM Stephen Farrell wrote: On 03/04/2021 18:07, Ben Schwartz wrote: It's supposed

Re: [DNSOP] NXDOMAIN and RFC 8020

2021-04-06 Thread Brian Dickson
On Tue, Apr 6, 2021 at 11:11 AM Murray S. Kucherawy wrote: > I'm wondering something about tree walks, which John Levine asked about in > November, as it's a topic of interest to the evolution of DMARC. > > I've read RFC 8020 which says an NXDOMAIN cached for "foo.example" also > covers later

Re: [DNSOP] NXDOMAIN and RFC 8020

2021-04-06 Thread Shumon Huque
On Tue, Apr 6, 2021 at 3:03 PM Murray S. Kucherawy wrote: > On Tue, Apr 6, 2021 at 11:48 AM Shumon Huque wrote: > >> Without DNSSEC, there is no current way to provide an indication about >> the longest ancestor of the name that did exist. With DNSSEC, the NSEC or >> NSEC3 records in the

Re: [DNSOP] NXDOMAIN and RFC 8020

2021-04-06 Thread Murray S. Kucherawy
On Tue, Apr 6, 2021 at 11:48 AM Shumon Huque wrote: > Without DNSSEC, there is no current way to provide an indication about the > longest ancestor of the name that did exist. With DNSSEC, the NSEC or NSEC3 > records in the response can do this (as well as providing cryptographic > proof of this

Re: [DNSOP] ECS and SVCB

2021-04-06 Thread Ben Schwartz
Thanks to everyone who provided input into the draft text for ECS with SVCB on Github. The current proposed text is: > The EDNS Client Subnet option (ECS, [RFC7871]) allows recursive resolvers to request IP addresses that are suitable for a particular client IP range. SVCB records may contain IP

Re: [DNSOP] NXDOMAIN and RFC 8020

2021-04-06 Thread Shumon Huque
On Tue, Apr 6, 2021 at 2:11 PM Murray S. Kucherawy wrote: > I'm wondering something about tree walks, which John Levine asked about in > November, as it's a topic of interest to the evolution of DMARC. > > I've read RFC 8020 which says an NXDOMAIN cached for "foo.example" also > covers later

Re: [DNSOP] NXDOMAIN and RFC 8020

2021-04-06 Thread Peter van Dijk
And the 'go read this' reference is https://tools.ietf.org/html/rfc8198 On Tue, 2021-04-06 at 20:29 +0200, libor.peltan wrote: > Hi Murray, > if foo.example does not exist and DNSSEC is in place, then the resolver > actually, even with the queries "in reverse order", obtains an NSEC(3), >

Re: [DNSOP] NXDOMAIN and RFC 8020

2021-04-06 Thread libor.peltan
Hi Murray, if foo.example does not exist and DNSSEC is in place, then the resolver actually, even with the queries "in reverse order", obtains an NSEC(3), proving non-existence for much more. For example, the query is bar.foo.example, and the authoritative returns an NSEC proving that

[DNSOP] NXDOMAIN and RFC 8020

2021-04-06 Thread Murray S. Kucherawy
I'm wondering something about tree walks, which John Levine asked about in November, as it's a topic of interest to the evolution of DMARC. I've read RFC 8020 which says an NXDOMAIN cached for "foo.example" also covers later queries for "bar.foo.example". Makes sense. Can this be used (or maybe