Re: [DNSOP] Suggestion for "any" - TCP only

Paul Wouters <paul@nohats.ca> Mon, 09 March 2015 04:03 UTC

Date: Mon, 09 Mar 2015 00:03:00 -0400
From: Paul Wouters <paul@nohats.ca>
To: Paul Vixie <paul@redbarn.org>
In-Reply-To: <54FD1969.3070405@redbarn.org>
Message-ID: <alpine.LFD.2.10.1503082359510.31060@bofh.nohats.ca>
References: <CAH1iCir+h+Kfj1q6JSqhGJ9ev0TQwRDSMci3APKCR=gJAW1phQ@mail.gmail.com> <alpine.LFD.2.10.1503082115040.2914@bofh.nohats.ca> <54FD1969.3070405@redbarn.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/aUC1fLgfSsCJiDmkfqOWVnYECgo>
Cc: "dnsop@ietf.org WG" <dnsop@ietf.org>, Brian Dickson <brian.peter.dickson@gmail.com>
Subject: Re: [DNSOP] Suggestion for "any" - TCP only

On Sun, 8 Mar 2015, Paul Vixie wrote:

> again, the next revision of olafur's document will remove all mention of amplification/reflection. that meme is dead.

So why are we proposing to ACL the ANY queries again?

If you put ANY queries under an ACL, it means you are limiting the ANY
query diagnostics to those who can already read the logfiles to find
out what went wrong. It's basically the same as killing ANY queries.

Cloudflare is not doing this for privacy reasons. So let's not kid
ourselves.

Paul