Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/ANAME apex record in PowerDNS

Dick Franks <rwfranks@acm.org> Sun, 21 September 2014 18:50 UTC

In-Reply-To: <20140921181433.GC16178@xs.powerdns.com>
References: <20140921115222.GB16178@xs.powerdns.com> <412982B8-DBB4-475E-8A85-352AF35B579F@vpnc.org> <20140921181433.GC16178@xs.powerdns.com>
From: Dick Franks <rwfranks@acm.org>
Date: Sun, 21 Sep 2014 19:49:43 +0100
Message-ID: <CAKW6Ri5qqa2Y_LVLkfoVGpJxowbj2uc2S7ADk=kzmWfS5fA=oQ@mail.gmail.com>
To: bert hubert <bert.hubert@netherlabs.nl>
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsop/MACkgyko88g9OIifyKjz2NTY8xc
Cc: dnsop@ietf.org, Paul Hoffman <paul.hoffman@vpnc.org>
Subject: Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/ANAME apex record in PowerDNS
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>

On 21 September 2014 19:14, bert hubert <bert.hubert@netherlabs.nl> wrote:

> On Sun, Sep 21, 2014 at 08:13:46AM -0700, Paul Hoffman wrote:
>
> > > PS: the above is currently not yet supported for DNSSEC domains!
> >
> > Can you say (much) more about that aside? Does it mean that the server
>
>
> An interesting opening is that we'd be signing potentially unsigned data
> this way. Potentially, we should check for the AD bit. But first let's see
> how this idea fits.
>

Must validate the response. Otherwise a bad actor can just toss in a bogus AD bit!