Re: [DNSOP] I-D Action: draft-muks-dnsop-dns-catalog-zones-04.txt

2018-03-12 Thread Stephane Bortzmeyer
On Sat, Mar 10, 2018 at 09:56:15PM +0530, Mukund Sivaraman wrote a message of 80 lines which said: > I have heard that there have been previous efforts for common > nameserver configuration that were abandoned. Several efforts, I believe, such as

[DNSOP] Please review the definitions around "recursive" in terminology-bis

2018-03-12 Thread Paul Hoffman
Greetings. The definition of "recursive resolver" has been problematic both in RFC 7719 and in draft-ietf-dnsop-terminology-bis. Section 6 of draft-ietf-dnsop-terminology-bis defines a bunch of terms about servers, including "recursive mode" and "recursive resolver". The current text gives:

Re: [DNSOP] Please review the definitions around "recursive" in terminology-bis

2018-03-12 Thread Joe Abley
On 12 Mar 2018, at 11:09, Paul Hoffman wrote: > Can these be improved on? This is one of the core ideas in the DNS protocol > and it seems a bit weird that we don't have a crisp set of definitions. If > there is more text from RFCs to quote, that would possibly be a big help. One detail that c

[DNSOP] Question about usage of ip6.arpa and in-addr.arpa

2018-03-12 Thread Roland Bracewell Shoemaker
Hey all, I’m working on a document in the ACME WG that concerns methods for validating control of IP addresses (draft-ietf-acme-ip) and wanted to see if anyone here could provide some input on a question I had regarding usage of the ip6.arpa and in-addr.arpa zones. In the original incarnation

Re: [DNSOP] Please review the definitions around "recursive" in terminology-bis

2018-03-12 Thread P Vix
No cc. I call them full resolved not recursive resolvers. I thought 1034 also did. On March 12, 2018 3:09:27 PM UTC, Paul Hoffman wrote: >Greetings. The definition of "recursive resolver" has been problematic >both in RFC 7719 and in draft-ietf-dnsop-terminology-bis. Section 6 of >draft-ietf-d

Re: [DNSOP] Question about usage of ip6.arpa and in-addr.arpa

2018-03-12 Thread Paul Hoffman
On 12 Mar 2018, at 8:58, Roland Bracewell Shoemaker wrote: I’m working on a document in the ACME WG that concerns methods for validating control of IP addresses (draft-ietf-acme-ip) and wanted to see if anyone here could provide some input on a question I had regarding usage of the ip6.arpa an

Re: [DNSOP] Please review the definitions around "recursive" in terminology-bis

2018-03-12 Thread Paul Hoffman
On 12 Mar 2018, at 10:21, Vix wrote: I call them full resolved not recursive resolvers. I thought 1034 also did. Not really. Please see the full text of Section 6 to see the state of "full resolver" and "full-service resolver". The term "recursive resolver" is used in a zillion other places

Re: [DNSOP] Question about usage of ip6.arpa and in-addr.arpa

2018-03-12 Thread Roland Bracewell Shoemaker
The main use case here is for major providers who want to get certificates for addresses before there is actually anything bootstrapped on the machine behind it yet. Then they are able to immediately stand something up that can be used instead of needing to go through the process of validation a

Re: [DNSOP] I-D Action: draft-muks-dnsop-dns-catalog-zones-04.txt

2018-03-12 Thread 神明達哉
At Sat, 10 Mar 2018 21:56:15 +0530, Mukund Sivaraman wrote: > > I've read draft-muks-dnsop-dns-catalog-zones-04. I see the motivation > > of automating the synchronization of primary/secondary configurations. > > Personally, however, I'm not (yet?) convinced that this should be > > "standardized

Re: [DNSOP] Please review the definitions around "recursive" in terminology-bis

2018-03-12 Thread Evan Hunt
Yes please. I'd start off by noting that "recursive" (like "resolver") is used in several different ways and a single clear definition isn't possible. "Recursive mode" is currently defined as "receiving a query and then either answering from a cache or sending a query to other servers" -- which se

Re: [DNSOP] Please review the definitions around "recursive" in terminology-bis

2018-03-12 Thread Paul Vixie
Paul Hoffman wrote: On 12 Mar 2018, at 10:21, Vix wrote: I call them full resolved not recursive resolvers. I thought 1034 also did. Not really. Please see the full text of Section 6 to see the state of "full resolver" and "full-service resolver". huh. The term "recursive resolver" is

Re: [DNSOP] I-D Action: draft-muks-dnsop-dns-catalog-zones-04.txt

2018-03-12 Thread Paul Vixie
even after talking to muks@isc offline, i still don't understand why the original metazone proposal can't simply be standardized.

Re: [DNSOP] Question about usage of ip6.arpa and in-addr.arpa

2018-03-12 Thread Jim Reid
> On 12 Mar 2018, at 17:37, Paul Hoffman wrote: > > If the use case here is to be able to issue certificates for TLS servers > based on the IP address instead of the domain name, creating something new in > the DNS may be overkill. That is, why even have Section 4.1 of > draft-ietf-acme-ip a

Re: [DNSOP] Question about usage of ip6.arpa and in-addr.arpa

2018-03-12 Thread Paul Hoffman
On 12 Mar 2018, at 16:12, Jim Reid wrote: On 12 Mar 2018, at 17:37, Paul Hoffman wrote: If the use case here is to be able to issue certificates for TLS servers based on the IP address instead of the domain name, creating something new in the DNS may be overkill. That is, why even have Se

Re: [DNSOP] Question about usage of ip6.arpa and in-addr.arpa

2018-03-12 Thread Jim Reid
> On 12 Mar 2018, at 23:27, Paul Hoffman wrote: > > For which other protocols did you want certificates with IP addresses as > identifiers? I think these may be needed for SIP, particularly roving (nameless) clients. And quite possibly for P2P applications. > If your list is longer than zer

Re: [DNSOP] Question about usage of ip6.arpa and in-addr.arpa

2018-03-12 Thread Paul Vixie
On Monday, March 12, 2018 11:12:36 PM GMT Jim Reid wrote: > > On 12 Mar 2018, at 17:37, Paul Hoffman wrote: > > > > If the use case here is to be able to issue certificates for TLS servers > > based on the IP address instead of the domain name, creating something > > new in the DNS may be overkil

Re: [DNSOP] Question about usage of ip6.arpa and in-addr.arpa

2018-03-12 Thread Paul Hoffman
On 12 Mar 2018, at 16:41, Jim Reid wrote: On 12 Mar 2018, at 23:27, Paul Hoffman wrote: For which other protocols did you want certificates with IP addresses as identifiers? I think these may be needed for SIP, particularly roving (nameless) clients. And quite possibly for P2P applications

Re: [DNSOP] Question about usage of ip6.arpa and in-addr.arpa

2018-03-12 Thread Jim Reid
> On 13 Mar 2018, at 00:07, Paul Hoffman wrote: > > How could you use ACME to validate the IP address of a roving client or a P2P > application that has no fixed IP address? In pretty much the same way as ACME tokens would/could be used to validate clients that have (fixed) names. Or perhap

Re: [DNSOP] I-D Action: draft-muks-dnsop-dns-catalog-zones-04.txt

2018-03-12 Thread Mukund Sivaraman
Hi Jinmei On Mon, Mar 12, 2018 at 10:59:11AM -0700, 神明達哉 wrote: > > > this proposal. (in that sense, I'm curious: is there other DNS > > > developer than ISC that is interested in implementing this proposal?) > > > > So far: I was told that PowerDNS has implemented a plug-in/script that > > provi