One question/caveat:
What would the practical impact be, if the TTL on the SOA were the same as
the default negative caching TTL (for the NXDOMAIN)?
I think it would be slightly less sniffy, to have the NXDOMAIN and the
synthesized SOA both disappear at the same time.
IIRC, the TTL would then
, Dickson, Brian bdick...@verisign.com wrote:
One question/caveat:
What would the practical impact be, if the TTL on the SOA were the same
as
the default negative caching TTL (for the NXDOMAIN)?
The longevity of the negative answer in the cache is defined as min(SOA
TTL, SOA MINIMUM
On 2/22/13 2:27 PM, Warren Kumari war...@kumari.net wrote:
(If folk feel sufficiently strongly we *could* even strip a label off, so
that the synthesized SOA is not the same as the NXD. *This* feel really
hacks, but putting it out there...)
Uh, definitely not. The whole point is you don't know
On 2/25/13 7:29 PM, Tony Finch d...@dotat.at wrote:
Dickson, Brian bdick...@verisign.com wrote:
However, there is another UGLY, EVIL way that might achieve what you're
thinking of:
Instead of delegating to omniscient AS112 servers, what about doing a
DNAME to a specific target foo (replace
Ed Lewis wrote:
And to make this work really well, we have to figure out how I'd get a DS
record for an unpublished DNSKEY into a zone like .NL (Antoin's - well, not his
personally) that wants keys to work on, not DS records. To hark back to Wes, I
don't have answer for that, I don't want to
On 7/3/13 4:04 AM, Jaap Akkerhuis j...@nlnetlabs.nl wrote:
I'm still trying to figure out how I could tell whether prefetch
makes things better or worse, since the main thing I've learned
from the few DNS cache simulations I've done is that intuition is
not a good guide.
The
On 7/8/13 2:28 PM, Patrik Fältström p...@frobbit.se wrote:
I have also had a look at this document which I in general do believe is
sound, although there are a few events I would like to have described in
the document. Reason for this is that I see it being really important
that it is
On 7/8/13 9:39 PM, Andrew Sullivan a...@anvilwalrusden.com wrote:
On Mon, Jul 08, 2013 at 06:49:53PM +, Dickson, Brian wrote:
Thoughts?
My immediate thought is, What problem is this trying to solve?
Automating NS changes on the parent side, via child-signed-and-signalled
in-zone data
On 9/12/13 7:24 AM, Theodore Ts'o ty...@mit.edu wrote:
On Wed, Sep 11, 2013 at 03:38:21PM -0400, Phillip Hallam-Baker wrote:
I disagree. DNSSEC is not just DNS: its the only available,
deployed, and
(mostly) accessible global PKI currently in existence which also
includes a
constrained
On 9/12/13 2:07 PM, Ted Lemon ted.le...@nominum.com wrote:
On Sep 12, 2013, at 1:49 PM, Dickson, Brian bdick...@verisign.com
wrote:
In order to subvert or redirect a delegation, the TLD operator (or
registrar) would need to change the DNS server name/IP, and replace the
DS
record(s).
Someone
On 10/2/13 10:24 PM, Paul Wouters p...@cypherpunks.ca wrote:
On Wed, 2 Oct 2013, Warren Kumari wrote:
Anyway, we have finally rev'ed the CDS draft, and have (I think)
arrived at a compromise that will be acceptable to both views (DS vs
DNSKEY).
The 50'000ft[0] view is that the record is now
+1 (to everything said by Joe).
Support adoption/last-call/publication.
Brian
On 10/21/13 12:09 PM, Joe Abley jab...@hopcount.ca wrote:
On 2013-10-21, at 11:29, Tim Wicinski tim.wicin...@teamaol.com wrote:
This starts a Call for Adoption for draft-andrews-dnsop-rfc6598-rfc6303.
The draft
(Sorry for tweaking the subject line - mailer problems related to magic
words)
On 5/28/14, 12:15 PM, Evan Hunt e...@isc.org wrote:
So not to put too fine a point on it, but where is the use case for this
proposal? It seems like something that is more of someone's cool hack
than a standard
13 matches
Mail list logo