Re: [DNSOP] More work for DNSOP :-)
Paul Vixie <paul@redbarn.org> Fri, 06 March 2015 19:20 UTC
Return-Path: <paul@redbarn.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 74A4F1A1EEC for <dnsop@ietfa.amsl.com>; Fri, 6 Mar 2015 11:20:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.208
X-Spam-Level:
X-Spam-Status: No, score=0.208 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, GB_ABOUTYOU=0.5, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1Jx_YWTo8G7P for <dnsop@ietfa.amsl.com>; Fri, 6 Mar 2015 11:20:28 -0800 (PST)
Received: from family.redbarn.org (family.redbarn.org [24.104.150.213]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 869E21A1BD9 for <dnsop@ietf.org>; Fri, 6 Mar 2015 11:20:28 -0800 (PST)
Received: from [IPv6:2001:559:8000:cb:b015:3cb0:25ba:df77] (unknown [IPv6:2001:559:8000:cb:b015:3cb0:25ba:df77]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by family.redbarn.org (Postfix) with ESMTPSA id 8CBCD1851C; Fri, 6 Mar 2015 19:20:28 +0000 (UTC)
Message-ID: <54F9FDFA.2030405@redbarn.org>
Date: Fri, 06 Mar 2015 11:20:26 -0800
From: Paul Vixie <paul@redbarn.org>
User-Agent: Postbox 3.0.11 (Windows/20140602)
MIME-Version: 1.0
To: Simon Perreault <sperreault@jive.com>
References: <20150306145217.GA8959@nic.fr> <54F9C29E.9040408@jive.com> <54F9F90D.1020806@redbarn.org> <54F9FCD3.7010204@jive.com>
In-Reply-To: <54F9FCD3.7010204@jive.com>
X-Enigmail-Version: 1.2.3
Content-Type: multipart/alternative; boundary="------------080003090807060306060901"
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/Gj2YFkRoMvpAWgZU_egwr4_mh1E>
Cc: dnsop@ietf.org
Subject: Re: [DNSOP] More work for DNSOP :-)
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Mar 2015 19:20:29 -0000
> Simon Perreault <mailto:sperreault@jive.com> > Friday, March 06, 2015 11:15 AM > Le 2015-03-06 13:59, Paul Vixie a écrit : > > >> like RD=0 sent to a recursive-only non-authoritative >> name server, its intended purpose is helping other people learn things >> about your name server state that you get no direct benefit from >> exposing. >> >> ... > > Full agreement. > > All of that would not be so bad if ANY did not appear to work. > Mozilla, and others, would not have used ANY if it had not appeared to > work. That's why ANY is so subversive. > > Let's break it significantly so it doesn't appear to work anymore. i now realize that the draft should cover "meta queries" in general, including RD=0 to a recursive server, AXFR and IXFR, and ANY of course, and whatever else we can come up with. and the recommendation should be to place these query types behind some access control mechanism, to prevent them from being used in normal DNS operations, but to support their use for diagnostic or other close-relationship activities (zone transfers). -- Paul Vixie
- Re: [DNSOP] More work for DNSOP :-) Andrew Sullivan
- [DNSOP] More work for DNSOP :-) Stephane Bortzmeyer
- Re: [DNSOP] More work for DNSOP :-) Simon Perreault
- Re: [DNSOP] More work for DNSOP :-) Edward Lewis
- Re: [DNSOP] More work for DNSOP :-) Marcus Grando
- Re: [DNSOP] More work for DNSOP :-) Stephane Bortzmeyer
- Re: [DNSOP] More work for DNSOP :-) Paul Vixie
- Re: [DNSOP] More work for DNSOP :-) Alejandro Acosta
- Re: [DNSOP] More work for DNSOP :-) Simon Perreault
- Re: [DNSOP] More work for DNSOP :-) Paul Vixie
- Re: [DNSOP] More work for DNSOP :-) Edward Lewis
- Re: [DNSOP] More work for DNSOP :-) Paul Vixie
- Re: [DNSOP] More work for DNSOP :-) Bob Harold
- Re: [DNSOP] More work for DNSOP :-) Paul Vixie
- Re: [DNSOP] More work for DNSOP :-) Dan York
- Re: [DNSOP] More work for DNSOP :-) Evan Hunt
- Re: [DNSOP] More work for DNSOP :-) Paul Vixie
- Re: [DNSOP] More work for DNSOP :-) Paul Wouters
- Re: [DNSOP] More work for DNSOP :-) Paul Vixie
- Re: [DNSOP] More work for DNSOP :-) Paul Wouters
- Re: [DNSOP] More work for DNSOP :-) Paul Vixie
- Re: [DNSOP] More work for DNSOP :-) Paul Vixie
- Re: [DNSOP] More work for DNSOP :-) Tony Finch
- Re: [DNSOP] More work for DNSOP :-) Olafur Gudmundsson
- Re: [DNSOP] More work for DNSOP :-) Paul Hoffman
- Re: [DNSOP] More work for DNSOP :-) Andreas Gustafsson
- Re: [DNSOP] More work for DNSOP :-) Tony Finch
- Re: [DNSOP] More work for DNSOP :-) Stephane Bortzmeyer
- [DNSOP] Why no more meta-queries? (Was: More work… Stephane Bortzmeyer
- Re: [DNSOP] More work for DNSOP :-) Paul Hoffman
- Re: [DNSOP] Why no more meta-queries? (Was: More … Ray Bellis
- Re: [DNSOP] More work for DNSOP :-) Olafur Gudmundsson
- Re: [DNSOP] Why no more meta-queries? (Was: More … Shumon Huque
- Re: [DNSOP] Why no more meta-queries? (Was: More … Robert Edmonds
- Re: [DNSOP] Why no more meta-queries? (Was: More … Shumon Huque
- Re: [DNSOP] Why no more meta-queries? (Was: More … Shumon Huque
- Re: [DNSOP] Why no more meta-queries? (Was: More … W.C.A. Wijngaards
- Re: [DNSOP] Why no more meta-queries? (Was: More … Shumon Huque