Re: [DNSOP] I-D Action: draft-ietf-dnsop-domain-verification-techniques-02.txt

2023-07-10 Thread Shumon Huque
Thanks and reviews/re-reviews welcome. Note: we've held off on a few of the points that Erik Nygren raised because they require a more involved treatment (detailed discussion of the token/name/account binding process; multi provider/CDN support, etc). I've asked Erik to contribute some text on

Re: [DNSOP] I-D Action: draft-ietf-dnsop-dns-error-reporting-05.txt

2023-07-10 Thread Viktor Dukhovni
On Mon, Jul 10, 2023 at 03:48:34PM -0700, internet-dra...@ietf.org wrote: > A New Internet-Draft is available from the on-line Internet-Drafts > directories. This Internet-Draft is a work item of the Domain Name > System Operations (DNSOP) WG of the IETF. > >Title : DNS Error

Re: [DNSOP] [v6ops] DNS64/Thread RE: WG call for adoption: draft-momoka-v6ops-ipv6-only-resolver-01

2023-07-10 Thread Mark Andrews
I think the issue is that NAT64 is being used to reach internal IPv4 addresses (e.g. RFC 1918) so the traffic needs to go through a NAT64 that can reach those addresses. > On 10 Jul 2023, at 17:32, mohamed.boucad...@orange.com wrote: > > Hi Gert, > > Please see inline. > > Cheers, > Med >

[DNSOP] I-D Action: draft-ietf-dnsop-dns-error-reporting-05.txt

2023-07-10 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This Internet-Draft is a work item of the Domain Name System Operations (DNSOP) WG of the IETF. Title : DNS Error Reporting Authors : Roy Arends Matt Larson Filename

Re: [DNSOP] Working Group Last call for draft-ietf-dnsop-dns-error-reporting

2023-07-10 Thread Viktor Dukhovni
On Mon, Jul 10, 2023 at 10:27:45PM +0100, Roy Arends wrote: > > Right, but surely the monitoring agent can decide whether to solicit > > such a prefix label or not. That is whether an "_er" prefix label is > > signalled is a *local matter* between the authoritative server > > signalling the

Re: [DNSOP] Working Group Last call for draft-ietf-dnsop-dns-error-reporting

2023-07-10 Thread Roy Arends
Hi Viktor, Again, thank you for your detailed, in-depth and insightful response. My comments are inline, and I’ve removed the parts in agreement. > On 10 Jul 2023, at 17:58, Viktor Dukhovni wrote: > > On Wed, Jul 05, 2023 at 12:17:34PM +0100, Roy Arends wrote: > >>> The proposed qname

Re: [DNSOP] Secdir early review of draft-ietf-dnsop-dns-error-reporting-04

2023-07-10 Thread Yaron Sheffer
Looks good. Thank you Roy! Yaron On 10/07/2023, 19:45, "Roy Arends" <r...@dnss.ec> wrote: Hi Yaron, > On 9 Jul 2023, at 18:27, Yaron Sheffer > wrote: > > Hi Roy, > > Please see some responses below, prefixed with YS. > > Thanks, > Yaron > >

Re: [DNSOP] Working Group Last call for draft-ietf-dnsop-dns-error-reporting

2023-07-10 Thread Ben Schwartz
Thanks! I think making it clear that auth servers are allowed to send TC to force TCP upgrade is a nice compromise. From: DNSOP on behalf of Roy Arends Sent: Monday, July 10, 2023 4:04 PM To: Ben Schwartz Cc: Benno Overeinder ; DNSOP Working Group ; DNSOP

Re: [DNSOP] I-D Action: draft-ietf-dnsop-domain-verification-techniques-02.txt

2023-07-10 Thread Tim Wicinski
All Shivan, Shumon and Paul have incorporated feedback from the WG as well as several area reviews, and more. It's a much better document because of that, and we thank everyone. The chairs want to give the WG 7-10 days to review the changes and confirm there are no issues thanks tim On Mon,

Re: [DNSOP] I-D Action: draft-ietf-dnsop-cds-consistency-02.txt

2023-07-10 Thread Peter Thomassen
Hi, In preparation for the SFO meeting, this is to address the feedback that was still open. Changes: - Retry before assuming a nameserver is permanently unreachable Thanks, Peter On 7/10/23 22:24, internet-dra...@ietf.org wrote: A New Internet-Draft is available from the on-line

[DNSOP] I-D Action: draft-ietf-dnsop-cds-consistency-02.txt

2023-07-10 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This Internet-Draft is a work item of the Domain Name System Operations (DNSOP) WG of the IETF. Title : Consistency for CDS/CDNSKEY and CSYNC is Mandatory Author : Peter Thomassen

Re: [DNSOP] I-D Action: draft-ietf-dnsop-dnssec-bootstrapping-05.txt

2023-07-10 Thread Peter Thomassen
Hi all, This revision only contains editorial changes from Scott's dnsdir review (plus an unclear sentence that I found and fixed). Thanks, Peter On 7/10/23 22:05, internet-dra...@ietf.org wrote: A New Internet-Draft is available from the on-line Internet-Drafts directories. This

[DNSOP] I-D Action: draft-ietf-dnsop-caching-resolution-failures-05.txt

2023-07-10 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This Internet-Draft is a work item of the Domain Name System Operations (DNSOP) WG of the IETF. Title : Negative Caching of DNS Resolution Failures Authors : Duane Wessels

Re: [DNSOP] Dnsdir early review of draft-ietf-dnsop-dnssec-bootstrapping-04

2023-07-10 Thread Peter Thomassen
Hi Scott, On 7/5/23 21:59, Rose, Scott W. (Fed) wrote: Coming up with this terminology was really challenging. The reason that the Signaling Name is only the prefix, without the Signaling Domain, is that it makes the rest of the spec easier. For example, from Section 3.1: To [...]

[DNSOP] I-D Action: draft-ietf-dnsop-dnssec-bootstrapping-05.txt

2023-07-10 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This Internet-Draft is a work item of the Domain Name System Operations (DNSOP) WG of the IETF. Title : Automatic DNSSEC Bootstrapping using Authenticated Signals from the Zone's Operator Authors

Re: [DNSOP] Working Group Last call for draft-ietf-dnsop-dns-error-reporting

2023-07-10 Thread Roy Arends
Ben, Thanks for this! Comments inline. > On 23 Jun 2023, at 02:27, Ben Schwartz > wrote: > > I want this draft to move forward, but upon review I noted with concern the > security section text: > >DNS error reporting is done without any authentication between the >reporting resolver

Re: [DNSOP] I-D Action: draft-ietf-dnsop-domain-verification-techniques-02.txt

2023-07-10 Thread Shivan Kaul Sahib
Hi folks, we received a bunch of feedback over the last couple of months that we've addressed in this draft revision. Some notable things: 1. We now use the term "domain control validation" instead of "domain verification" since that seems to be the industry standard 2. Make the problem

Re: [DNSOP] Working Group Last call for draft-ietf-dnsop-dns-error-reporting

2023-07-10 Thread Viktor Dukhovni
On Wed, Jul 05, 2023 at 12:17:34PM +0100, Roy Arends wrote: > > I would prefer to require resolvers to be more tolerant of unexpected > > options, and would have servers report the channel without explicit > > solicitation. > > That is indeed the plan. I shall make that explicit in the new

Re: [DNSOP] Secdir early review of draft-ietf-dnsop-dns-error-reporting-04

2023-07-10 Thread Roy Arends
Hi Yaron, > On 9 Jul 2023, at 18:27, Yaron Sheffer wrote: > > Hi Roy, > > Please see some responses below, prefixed with YS. > > Thanks, > Yaron > > On 05/07/2023, 14:31, "Roy Arends" <r...@dnss.ec> > wrote: > > > Yaron, many thanks for your review. Comments inline: > > >> On 26

Re: [DNSOP] Artart early review of draft-ietf-dnsop-domain-verification-techniques-01

2023-07-10 Thread Barry Leiba
Thanks, Shivan, for addressing my comments. Barry On Mon, Jul 10, 2023 at 12:04 PM Shivan Kaul Sahib wrote: > > Hi Barry, we've uploaded a new version that should address your helpful > comments: > https://datatracker.ietf.org/doc/draft-ietf-dnsop-domain-verification-techniques/ > > On Mon, 3

Re: [DNSOP] Secdir early review of draft-ietf-dnsop-domain-verification-techniques-01

2023-07-10 Thread Shivan Kaul Sahib
Hi Ben, thanks again for your comments! We've uploaded a new version that takes them into account. On Wed, 19 Apr 2023 at 17:40, Benjamin Kaduk via Datatracker < nore...@ietf.org> wrote: > Reviewer: Benjamin Kaduk > Review result: Has Issues > > # SecDir review of

Re: [DNSOP] Artart early review of draft-ietf-dnsop-domain-verification-techniques-01

2023-07-10 Thread Shivan Kaul Sahib
Hi Barry, we've uploaded a new version that should address your helpful comments: https://datatracker.ietf.org/doc/draft-ietf-dnsop-domain-verification-techniques/ On Mon, 3 Apr 2023 at 00:38, Barry Leiba via Datatracker wrote: > Reviewer: Barry Leiba > Review result: Ready with Nits > > This

[DNSOP] I-D Action: draft-ietf-dnsop-domain-verification-techniques-02.txt

2023-07-10 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This Internet-Draft is a work item of the Domain Name System Operations (DNSOP) WG of the IETF. Title : Domain Control Validation using DNS Authors : Shivan Sahib Shumon

Re: [DNSOP] [v6ops] WG call for adoption: draft-momoka-v6ops-ipv6-only-resolver-01

2023-07-10 Thread Paolo Volpato
Dear WGs, After following the cross-WGs discussion, I am in favor of adopting this draft. It focuses on a specific case (that may be generalized in future works), but I think that it provides a good description of the issue and a valid operational approach. BR Paolo From: v6ops On Behalf Of

[DNSOP] I-D Action: draft-ietf-dnsop-avoid-fragmentation-14.txt

2023-07-10 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This Internet-Draft is a work item of the Domain Name System Operations (DNSOP) WG of the IETF. Title : Fragmentation Avoidance in DNS Authors : Kazunori Fujiwara Paul

Re: [DNSOP] [v6ops] DNS64/Thread RE: WG call for adoption: draft-momoka-v6ops-ipv6-only-resolver-01

2023-07-10 Thread mohamed . boucadair
Hi Gert, Please see inline. Cheers, Med > -Message d'origine- > De : Gert Doering > Envoyé : lundi 10 juillet 2023 08:53 > À : BOUCADAIR Mohamed INNOV/NET > Cc : Ted Lemon ; v6...@ietf.org; Xipengxiao > ; dnsop > Objet : Re: [v6ops] DNS64/Thread RE: [DNSOP] WG call for adoption: >

Re: [DNSOP] [v6ops] DNS64/Thread RE: WG call for adoption: draft-momoka-v6ops-ipv6-only-resolver-01

2023-07-10 Thread Gert Doering
Hi, On Fri, Jul 07, 2023 at 01:19:38PM +, mohamed.boucad...@orange.com wrote: > For your last point: problems may arise if a distinct pref64 is used by the > upstream DNS64 than the one used locally. Unless I'm mistaken, we currently > don't have a solution to detect mismatches between