TL;DR: (IPv4) The benefit of NSEC is fewer queries to the auths which would
return NXDOMAIN answers, which improves overall DNSBL lookup performance.
It also avoids exploding the negative cache of the resolver.
Funny you should mention that. About ten years ago I was trying to figure
out how
On 14/11/2023 00:56, John R Levine wrote:
Once again, I really wish people would stop blaming the victim.
That's not useful language. DNSBLs fulfill a purpose but are not
victims. People whose privacy is exposed via network traffic are
not correctly described as victims but are nonetheless
On 14/11/2023 00:56, John R Levine wrote:
Once again, I really wish people would stop blaming the victim.
That's not useful language. DNSBLs fulfill a purpose but are not
victims. People whose privacy is exposed via network traffic are
not correctly described as victims but are nonetheless
On Mon, 13 Nov 2023, Ben Schwartz wrote:
What about updating RFC 5782 to remove the "."s? The "."s don't seem to help
in any way here (unlike reverse zones, where they enable useful delegations).
PS: Some DNSBLs use stunt servers that synthesize the answers, but some
are normal DNS zones.
Looks good. I am hoping that we can reduce or at least prioritise the
different suggestions before it is finalized.
I am hoping someone has more data so if there are other places where
minimization causes performance problems, we can recognize them and fix
them.
"little or decrease" ->
What about updating RFC 5782 to remove the "."s? The "."s don't seem to help
in any way here (unlike reverse zones, where they enable useful delegations).
Once again, I really wish people would stop blaming the victim.
Rather than telling 100,000 mail servers around the world to change the
Hi Paul,
Thanks for your thoughts. I'd like to address your points below and would very
much appreciate your follow-up response.
On 11/11/23 12:55, Paul Wouters wrote:
I have read the document and I am supportive of the idea, but I find the
document not ready. Some issues I have with the
I read the draft and support the document moving forward. I find it nice to
leverage the secure link between the child zone owner and the DNS hoster.
Having the full RRSet in the zone being explicitly mentioned in the
document might ease the reading.
I have the impression the mechanism could only
On 11/10/23 22:55, Ben Schwartz wrote:
Alternatively, you might want to specify a very restrictive "CoAP DNS lookup
API", emphasizing that this is not a fully-featured DNS format.
+1 to this!
I admit I don't know much about CoAP but by the description during the
presentation, being