RE: Last Call: Simple Secure Domain Name System (DNS) Dynamic Update to Proposed Standard

"Levon Esibov" <levone@Exchange.Microsoft.com> Tue, 13 June 2000 23:00 UTC

Subject: RE: Last Call: Simple Secure Domain Name System (DNS) Dynamic Update to Proposed Standard
Date: Tue, 13 Jun 2000 13:46:34 -0700
Message-ID: <19398D273324D3118A2B0008C7E9A5690AD71B21@SIT.platinum.corp.microsoft.com>
From: Levon Esibov <levone@Exchange.Microsoft.com>
To: iesg@ietf.org
Cc: namedroppers@ops.ietf.org

I'd like to recommend replacing the text fragment from Section 3

"By default, a principal MUST NOT be permitted to make any changes to zone
data; any permissions MUST be enabled though configuration."

by the following text

"By default, a principal SHOULD NOT be permitted to make any changes to zone
data; any permissions SHOULD be enabled through configuration."

I believe the decision on the default configuration should be left to
implementers. The deployment experience of Beta Windows 2000
demonstrated difficulties that administrators experienced in
configuring the zones for dynamic updates. It was found that
the default configuration that satisfied the majority of customers is to
allow all the authenticated principals to create new names in a zone,
but prohibit any unauthorized principals from modifying the existing
records. This is the default configuration of the Windows 2000 DNS
server.

I apologize that I didn't notice the issue during the workgroup last
call.

Levon

From: The IESG [mailto:iesg-secretary@ietf.org]
Sent: Friday, June 02, 2000 5:34 AM
To: IETF-Announce: ;
Cc: namedroppers@ops.ietf.org
Subject: Last Call: Simple Secure Domain Name System (DNS) Dynamic
Update to Proposed Standard



The IESG has received a request from the DNS Extensions Working Group
to consider Simple Secure Domain Name System (DNS) Dynamic Update
<draft-ietf-dnsext-simple-secure-update-01.txt> as a Proposed Standard.
This will replace/obsolete RFC2137, currently a Proposed Standard.

The IESG will also consider Domain Name System Security (DNSSEC)
Signing Authority <draft-ietf-dnsext-signing-auth-01.txt> as a Proposed
Standard, updating RFC2535.

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action.  Please send any comments to the
iesg@ietf.org or ietf@ietf.org mailing lists by June 16, 2000.

Files can be obtained via
http://www.ietf.org/internet-drafts/draft-ietf-dnsext-simple-secure-update-01.txt
http://www.ietf.org/internet-drafts/draft-ietf-dnsext-signing-auth-01.txt




to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
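
Added example (not part of the original message, and not code from the draft or from the Windows 2000 DNS server): a small Python model of the two defaults compared in the message above, the draft's deny-by-default rule and the create-if-authenticated default described for Windows 2000. The Zone class, the policy names, and the rule that the creating principal is the one authorized to modify a name are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional
# Hypothetical names for the two defaults compared in the message.
DENY_ALL = "deny-all"                                # draft Section 3 default
CREATE_IF_AUTHENTICATED = "create-if-authenticated"  # default described for Windows 2000 DNS

def canon(name: str) -> str:
    """DNS names compare case-insensitively; ignore the trailing root dot."""
    return name.lower().rstrip(".")

@dataclass
class Zone:
    default: str
    owners: dict = field(default_factory=dict)  # name -> creating principal (assumed owner)
    grants: set = field(default_factory=set)    # (principal, name) enabled by configuration

    def grant(self, principal: str, name: str) -> None:
        self.grants.add((principal, canon(name)))

    def authorize(self, principal: Optional[str], name: str) -> bool:
        """principal is None when the update carried no valid authentication."""
        if principal is None:
            return False                  # this model never accepts unauthenticated updates
        name = canon(name)
        if (principal, name) in self.grants:
            return True                   # explicitly configured permission
        if self.default == DENY_ALL:
            return False                  # nothing is allowed until configured
        owner = self.owners.get(name)
        return owner is None or owner == principal  # new name, or the principal's own record

    def update(self, principal: Optional[str], name: str) -> bool:
        if not self.authorize(principal, name):
            return False
        self.owners.setdefault(canon(name), principal)
        return True

def demo() -> dict:
    # Constructed principals and names, for illustration only.
    strict, permissive = Zone(DENY_ALL), Zone(CREATE_IF_AUTHENTICATED)
    strict.grant("host1@EXAMPLE.TEST", "host1.example.test")
    return {
        "strict_unconfigured": strict.update("host2@EXAMPLE.TEST", "host2.example.test"),
        "strict_granted": strict.update("host1@EXAMPLE.TEST", "Host1.Example.Test."),
        "permissive_create": permissive.update("host2@EXAMPLE.TEST", "host2.example.test"),
        "permissive_modify_other": permissive.update("host3@EXAMPLE.TEST", "HOST2.example.test"),
        "permissive_modify_own": permissive.update("host2@EXAMPLE.TEST", "host2.example.test."),
        "permissive_unauthenticated": permissive.update(None, "new.example.test"),
    }
```

Under the permissive default, ownership of a name goes to whichever authenticated principal creates it first, so administrators who need specific names reserved still have to configure them explicitly.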