Re: [DNSOP] DNS privacy : now at least two drafts
Mark Andrews <marka@isc.org> Mon, 17 March 2014 15:42 UTC
To: Florian Weimer <fw@deneb.enyo.de>
From: Mark Andrews <marka@isc.org>
References: <20131217112527.GA18176@nic.fr> <87ob1geis0.fsf@mid.deneb.enyo.de> <20140308165741.GA15121@laperouse.bortzmeyer.org> <8761noehzv.fsf@mid.deneb.enyo.de> <20140308173456.GB17348@laperouse.bortzmeyer.org> <87fvmsd0nk.fsf@mid.deneb.enyo.de> <20140311080053.5FCF910E2D41@rock.dv.isc.org> <87y50auqqf.fsf@mid.deneb.enyo.de>
In-reply-to: Your message of "Sun, 16 Mar 2014 16:07:20 +0100." <87y50auqqf.fsf@mid.deneb.enyo.de>
Date: Tue, 18 Mar 2014 02:41:43 +1100
Message-Id: <20140317154143.30B51118C508@rock.dv.isc.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsop/cnhWGKCXprZgP-RoFbiKoz_CREs
Cc: dnsop@ietf.org
Subject: Re: [DNSOP] DNS privacy : now at least two drafts

In message <87y50auqqf.fsf@mid.deneb.enyo.de>, Florian Weimer writes:
> * Mark Andrews:
>
> >>> Another note is that the answer to the NS query, unlike the referral
> >>> sent when the question is a full qname, is in the Answer section, not
> >>> in the Authoritative section. It has probably no practical
> >>> consequences.
> >>
> >> Most resolvers do not make NS queries, and some authoritative servers
> >> do not return useful data (or any data at all). So using NS queries
> >> for zone cut discovery does not work reliably.
> >
> > Any resolver that is DNSSEC aware will make NS queries (whether
> > validating or not).
>
> Really? Where is this mentioned in the protocol RFCs?

RFC 3658 2.2.1.2. Special processing when child and an ancestor share nameserver

> > Nameservers that fail to handle NS queries are broken. More NS
> > queries would be good for the overall health of the DNS as it would
> > flush out the broken servers.
>
> Sure, but in practice, no one wants to be the person who exerts this
> pressure on zone publishers.

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
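
The three outcomes discussed in this message, as an added example that is not part of the original e-mail or of any resolver's code: it builds an NS query in wire format and reports whether a response carries its NS records in the Answer section, in the Authority section (a referral), or not at all. The responses are constructed samples, and `example.com` and `ns1.example.net` are placeholder names.

```python
import struct

TYPE_NS, CLASS_IN, FLAG_QR, FLAG_AA = 2, 1, 0x8000, 0x0400

def encode_name(name):
    """Encode a domain name as uncompressed DNS wire-format labels."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_ns_query(name, qid=0):
    """Non-recursive NS query for `name`: 12-byte header plus one question."""
    return (struct.pack("!6H", qid, 0, 1, 0, 0, 0)
            + encode_name(name) + struct.pack("!2H", TYPE_NS, CLASS_IN))

def skip_name(msg, off):
    """Return the offset just past the name at `off` (labels or a pointer)."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += msg[off] + 1
    return off + (2 if msg[off] else 1)

def classify_ns_response(msg):
    """Report which section of a response carries the NS records."""
    _qid, _flags, qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    off, found = 12, {"answer": 0, "authority": 0}
    for _ in range(qd):
        off = skip_name(msg, off) + 4            # skip QTYPE and QCLASS
    for section, count in (("answer", an), ("authority", ns)):
        for _ in range(count):
            off = skip_name(msg, off)
            rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10 + rdlen
            found[section] += rtype == TYPE_NS
    if found["answer"]:
        return "answer"                          # NS RRset in the Answer section
    # NS only in Authority is a referral; none at all is unusable for cut discovery
    return "referral" if found["authority"] else "no-ns-data"

def constructed_response(qname, answer=(), authority=(), aa=False):
    """Constructed sample response (not captured traffic) from (owner, nsdname) pairs."""
    def rr(owner, target):
        rdata = encode_name(target)
        return encode_name(owner) + struct.pack("!HHIH", TYPE_NS, CLASS_IN, 3600, len(rdata)) + rdata
    head = struct.pack("!6H", 0, FLAG_QR | (FLAG_AA if aa else 0), 1, len(answer), len(authority), 0)
    records = b"".join(rr(o, t) for o, t in list(answer) + list(authority))
    return head + build_ns_query(qname)[12:] + records

if __name__ == "__main__":
    ns = [("example.com", "ns1.example.net")]    # placeholder delegation
    print(classify_ns_response(constructed_response("example.com", answer=ns, aa=True)))
    print(classify_ns_response(constructed_response("www.example.com", authority=ns)))
```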