Re: draft-ietf-dnsop-ipv6-dns-issues-04.txt [Re: [dnsop] WG Last Call: draft-ietf-dnsop-misbehavior-against-aaaa-00.txt]
Pekka Savola <pekkas@netcore.fi> Fri, 26 March 2004 16:45 UTC
Received: from darkwing.uoregon.edu (root@darkwing.uoregon.edu [128.223.142.13]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA00783 for <dnsop-archive@lists.ietf.org>; Fri, 26 Mar 2004 11:45:48 -0500 (EST)
Received: from darkwing.uoregon.edu (majordom@localhost [127.0.0.1]) by darkwing.uoregon.edu (8.12.11/8.12.11) with ESMTP id i2QF21J4004029 for <dnsop-outgoing@darkwing.uoregon.edu>; Fri, 26 Mar 2004 07:02:01 -0800 (PST)
Received: (from majordom@localhost) by darkwing.uoregon.edu (8.12.11/8.12.11/Submit) id i2QF20i2004026 for dnsop-outgoing; Fri, 26 Mar 2004 07:02:00 -0800 (PST)
Received: from netcore.fi (netcore.fi [193.94.160.1]) by darkwing.uoregon.edu (8.12.11/8.12.11) with ESMTP id i2QF1xxl003576 for <dnsop@lists.uoregon.edu>; Fri, 26 Mar 2004 07:01:59 -0800 (PST)
Received: from localhost (pekkas@localhost) by netcore.fi (8.11.6/8.11.6) with ESMTP id i2QF1p510854; Fri, 26 Mar 2004 17:01:52 +0200
Date: Fri, 26 Mar 2004 17:01:51 +0200
From: Pekka Savola <pekkas@netcore.fi>
To: "J-F C. (Jefsey) Morfin" <jefsey@club-internet.fr>
cc: dnsop@lists.uoregon.edu
Subject: Re: draft-ietf-dnsop-ipv6-dns-issues-04.txt [Re: [dnsop] WG Last Call: draft-ietf-dnsop-misbehavior-against-aaaa-00.txt]
In-Reply-To: <6.0.1.1.2.20040326134631.041418c0@mail.club-internet.fr>
Message-ID: <Pine.LNX.4.44.0403261654490.10525-100000@netcore.fi>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Sender: owner-dnsop@lists.uoregon.edu
Precedence: bulk
Reply-To: Pekka Savola <pekkas@netcore.fi>
On Fri, 26 Mar 2004, J-F C. (Jefsey) Morfin wrote: > Oh! I try to get the text more specific! > > What I mean is that if you introduce a new concept in the DNS > affecting the availability/existance of the RRs you should make > ita very precise feature. From what I gather the TTO would be the > delay before non called entry should be discarded. I think the > concept is great as it may really help managers tracing their > own mismanagement. > > 1. I do not know where it is to be introduced because I do not > see easily how it may survive a reload (we are talking of the > master file management). This means an associated base > keeping the date of the last use and called at loading time. > > 2. this would pemit a feature I want for a long in the DNS, which > is temporary names for security/ebusiness purposes. If I set > a TTO of 15 minutes and a TTL of 5 minutes on a Dynamic > entry : the name will be valid for 20 minutes maximum on the > network. I think there has been a misunderstanding about the context where such a janitorial process would operate. I was not proposing changes to DNS records, but rather how the zones are operated. For the cases where the names would be statically assigned, they cannot be expired out without being checked for validity. So, unless we assume that the nodes using DDNS would be updating the record just in case even though it is up-to-date (to signal that, yes, "I'm still here"), the process has to operate in a different context. That is, for example, you could be running an arpwatch -like daemon in your network, and storing the IP addresses used. Or you could do syslogging from your border router based on IP addresses. Or something else. After you've collected a lot of data like this, you would run some process which would find the old information from the pile, and remove their records from the DNS files. Yes, this is complicated, but ideas for something better are welcome. And if we figure out something better (e.g., recommend that DDNS is run regularly), all the better -- but that probably doesn't need to go into this document, especially if it takes a lot of time to "get right". -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings . dnsop resources:_____________________________________________________ web user interface: http://darkwing.uoregon.edu/~llynch/dnsop.html mhonarc archive: http://darkwing.uoregon.edu/~llynch/dnsop/index.html
- [dnsop] WG Last Call: draft-ietf-dnsop-misbehavio… David Meyer
- Re: [dnsop] WG Last Call: draft-ietf-dnsop-misbeh… J-F C. (Jefsey) Morfin
- Re: [dnsop] WG Last Call: draft-ietf-dnsop-misbeh… JINMEI Tatuya / 神明達哉
- Re: [dnsop] WG Last Call: draft-ietf-dnsop-misbeh… Francis Dupont
- draft-ietf-dnsop-ipv6-dns-issues-04.txt [Re: [dns… Pekka Savola
- Re: [dnsop] WG Last Call: draft-ietf-dnsop-misbeh… JINMEI Tatuya / 神明達哉
- Re: draft-ietf-dnsop-ipv6-dns-issues-04.txt [Re: … J-F C. (Jefsey) Morfin
- Re: [dnsop] WG Last Call: draft-ietf-dnsop-misbeh… J-F C. (Jefsey) Morfin
- Re: draft-ietf-dnsop-ipv6-dns-issues-04.txt [Re: … Pekka Savola
- Re: draft-ietf-dnsop-ipv6-dns-issues-04.txt [Re: … J-F C. (Jefsey) Morfin
- [dnsop] Another example of AAAA misbehavior Barber, Piet
- Re: [dnsop] WG Last Call: draft-ietf-dnsop-misbeh… David C Lawrence
- Re: [dnsop] Another example of AAAA misbehavior bert hubert
- Re: draft-ietf-dnsop-ipv6-dns-issues-04.txt [Re: … Pekka Savola
- Re: draft-ietf-dnsop-ipv6-dns-issues-04.txt [Re: … J-F C. (Jefsey) Morfin
- Re: draft-ietf-dnsop-ipv6-dns-issues-04.txt [Re: … Pekka Savola
- Re: [dnsop] WG Last Call: draft-ietf-dnsop-misbeh… J-F C. (Jefsey) Morfin
- Re: [dnsop] WG Last Call: draft-ietf-dnsop-misbeh… Rob Austein
- Re: draft-ietf-dnsop-ipv6-dns-issues-04.txt [Re: … J-F C. (Jefsey) Morfin
- draft-ietf-dnsop-ipv6-dns-issues-04.txt (Re: [dns… JINMEI Tatuya / 神明達哉