Re: [Add] [EXTERNAL] My single use case

Robert Mortimer <robm@scramworks.net> Thu, 10 September 2020 16:00 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/add/CvPs3W5VFrchN9fhSwsBxM7OnnY>

On 10/09/2020 16:38:32, Jim Reid <jim@rfc1035.com> wrote:


> On 10 Sep 2020, at 16:27, Tommy Jensen wrote:
>
> > Specifically, I want to NOT learn about whether the resolver does [...]
>
> +1, I couldn't agree more.

Ditto.

Ditto again

Though I kind of see this as opportunistic - if the DNS server recommended by the network can be used more securely, regardless of anything else, I'd like my OS/Client/whatever to be able to take advantage of that. Even if the DNS server isn't "trustworthy", I'm still in a better position than I was using it insecurely, and in most cases it's probably trustworthy enough.
-- 
Robm
873
  "Ask not what I can do for the stupid, 
         but what the stupid can do for me" - Graeme Garden