Re: [DNSOP] Suggestion for "any" - TCP only

Paul Vixie <paul@redbarn.org> Mon, 09 March 2015 05:27 UTC

Message-ID: <54FD2F2F.7050704@redbarn.org>
Date: Sun, 08 Mar 2015 22:27:11 -0700
From: Paul Vixie <paul@redbarn.org>
To: Paul Wouters <paul@nohats.ca>
References: <CAH1iCir+h+Kfj1q6JSqhGJ9ev0TQwRDSMci3APKCR=gJAW1phQ@mail.gmail.com> <alpine.LFD.2.10.1503082115040.2914@bofh.nohats.ca> <54FD1969.3070405@redbarn.org> <alpine.LFD.2.10.1503082359510.31060@bofh.nohats.ca>
In-Reply-To: <alpine.LFD.2.10.1503082359510.31060@bofh.nohats.ca>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/xLF-G3zxBU8w7RD7TLsTZYmsyOk>
Cc: "dnsop@ietf.org WG" <dnsop@ietf.org>, Brian Dickson <brian.peter.dickson@gmail.com>


> Paul Wouters <mailto:paul@nohats.ca>
> Sunday, March 08, 2015 9:03 PM
> On Sun, 8 Mar 2015, Paul Vixie wrote:
>
> So why are we proposing to ACL the ANY queries again?

because people like me with dig-based diagnostic tools want to be able
to run ANY queries against our own servers, from our NOC/SOC.
> If you put ANY queries under an ACL, it means you are limiting the ANY
> query diagnostics to those who can already read the logfiles to find
> out what went wrong. It's basically the same as killing ANY queries.

if your diagnostic tools are not dig-based, then i wish you only the
best possible results from them. please do not criticize my use of
dig-based tools to find out things my log files won't tell me, nor my
laziness in preferring to use dig-based tools rather than developing a
multi-vendor dns server diagnostic protocol and patching it into every
kind of name server i might run.
> Cloudflare is not doing this for privacy reasons. So let's not kid
> ourselves.

cloudflare's motives are their own affair. our motives, as a community,
for getting behind the cloudflare proposal, are what should concern us.

-- 
Paul Vixie
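The two positions in this thread (the subject line's "answer ANY only over TCP" and Vixie's "ACL ANY so the NOC/SOC can still run dig-based diagnostics") can be combined into one front-end policy. The following is an added illustration written for this page, not code from either poster or from any name server: it parses the header and question section of a wire-format query, recognises QTYPE 255 (ANY), and then either serves the query, forces a TCP retry with an empty TC=1 reply, or returns REFUSED. The diagnostic ACL ranges (192.0.2.0/24, 2001:db8:1::/48), the `any_over_tcp` switch, and the use of a TC=1 reply to implement "TCP only" are all assumptions of this example; the sample query is constructed inline.

```python
"""Policy demo for ANY queries: diagnostic ACL plus TCP-only fallback (added example)."""
import ipaddress
import struct

QTYPE_ANY = 255
RCODE_REFUSED = 5
FLAG_QR = 0x8000      # response bit
FLAG_TC = 0x0200      # truncated: tells a real client to retry over TCP
RCODE_MASK = 0x000F

# Constructed ACL for the NOC/SOC hosts that run dig-based diagnostics (assumption, not from the thread).
DIAG_ACL = [ipaddress.ip_network("192.0.2.0/24"),
            ipaddress.ip_network("2001:db8:1::/48")]


def parse_question(msg):
    """Parse the header and first question of a wire-format DNS message.

    Returns (txid, flags, qname, qtype, qclass, end_of_question_offset).
    Compression pointers are rejected because a query name is never compressed.
    """
    if len(msg) < 12:
        raise ValueError("message shorter than DNS header")
    txid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount < 1:
        raise ValueError("no question section")
    off, labels = 12, []
    while True:
        if off >= len(msg):
            raise ValueError("truncated question name")
        n = msg[off]
        off += 1
        if n == 0:
            break
        if n & 0xC0:
            raise ValueError("compression pointer not allowed in a query name")
        labels.append(msg[off:off + n].decode("ascii"))
        off += n
    if off + 4 > len(msg):
        raise ValueError("truncated qtype/qclass")
    qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
    return txid, flags, ".".join(labels) + ".", qtype, qclass, off + 4


def build_query(qname, qtype, txid=0x1234):
    """Encode a minimal recursion-desired query; used here only as constructed sample input."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    name = b"".join(bytes([len(l)]) + l.encode("ascii")
                    for l in qname.rstrip(".").split("."))
    return header + name + b"\x00" + struct.pack("!HH", qtype, 1)


def build_reply(query, tc=False, rcode=0):
    """Header plus copied question, zero answer records: the shape of a TC=1 or REFUSED reply."""
    txid, flags, _, _, _, end = parse_question(query)
    flags = (flags & ~RCODE_MASK & ~FLAG_TC) | FLAG_QR | rcode
    if tc:
        flags |= FLAG_TC
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + query[12:end]


def reply_flags(reply):
    """Flags word of a wire-format reply, for checking TC and RCODE."""
    return struct.unpack("!H", reply[2:4])[0]


def decide(query, source_ip, transport, any_over_tcp=True):
    """Apply the ANY policy. Returns (action, reply_bytes_or_None).

    'answer'   : serve normally (non-ANY, ANY from an ACL'd diagnostic host, or ANY over TCP when allowed)
    'truncate' : empty TC=1 reply; a genuine resolver retries over TCP, a spoofed source never does
    'refuse'   : REFUSED, for ANY over TCP from outside the ACL when any_over_tcp is False
    """
    _, _, _, qtype, _, _ = parse_question(query)
    if qtype != QTYPE_ANY:
        return "answer", None
    src = ipaddress.ip_address(source_ip)
    if any(src in net for net in DIAG_ACL):   # mixed IPv4/IPv6 membership tests simply return False
        return "answer", None
    if transport == "udp":
        return "truncate", build_reply(query, tc=True)
    if any_over_tcp:
        return "answer", None
    return "refuse", build_reply(query, rcode=RCODE_REFUSED)


if __name__ == "__main__":
    q = build_query("example.com.", QTYPE_ANY)
    for src, transport in [("192.0.2.10", "udp"), ("198.51.100.7", "udp"), ("198.51.100.7", "tcp")]:
        print(src, transport, decide(q, src, transport)[0])
```

The TC=1 path is what makes the "TCP only" variant cheap for the server: the empty reply is the same size as the question, so a spoofed-source amplification attempt gains nothing, while dig and every normal resolver transparently retry over TCP. The ACL path is Vixie's case: hosts on the diagnostic range get the full ANY answer over UDP and the operator's dig-based tooling keeps working unchanged.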