Re: [DNSOP] A conversational description of sentinel.
Warren Kumari <warren@kumari.net> Thu, 25 January 2018 15:37 UTC
From: Warren Kumari <warren@kumari.net>
Date: Thu, 25 Jan 2018 10:36:18 -0500
Message-ID: <CAHw9_iJ-gwC1ZoWQ3YiJraD3eoUf-9-Ay--rPYzy1zWYUzvYmg@mail.gmail.com>
To: Tony Finch <dot@dotat.at>
Cc: dnsop <dnsop@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/yh71d9pt0SZem5DgkN6Ul9QGlXQ>

On Thu, Jan 25, 2018 at 10:10 AM, Tony Finch <dot@dotat.at> wrote:
> (catching up on old messages)
>
> Warren Kumari <warren@kumari.net> wrote (and I liberally snipped):
>>
>> I publish this in my a zone:
>>
>> _is-ta-12345.example.com. 600 IN A 192.0.2.1
>> _is-ta-12345.example.com. 600 IN RRSIG A <valid signature>
>>
>> I now tell users to please browse to www.example.com, where I have a
>> webpage which includes the following links:
>> http://_is-ta-12345.example.com/
>
> Isn't this going to cause problems with software that checks hostname
> syntax?
>

Good catch; I stumbled into this on Monday when setting up an example...
BIND (for one) checks names with underscores, but only for A records:

    $ ~/src/code/scripts/ddns.sh
    > update add _tony.dnssec-example.com 600 IN A 127.0.0.1
    check-names failed: bad owner '_tony.dnssec-example.com'
    > update add _tony.dnssec-example.com 600 IN CNAME www.example.com
    > ^c
    $

For this reason, when setting up my toy example I used CNAMES:

    $dig _is-ta-20236.dnssec-example.com
    ...
    ;; ANSWER SECTION:
    _is-ta-20236.dnssec-example.com. 30 IN CNAME ron.kumari.net.
    ron.kumari.net. 600 IN A 204.194.23.4

There is a (very incomplete) example at http://www.dnssec-example.com/
-- I had created this for some slides, and so the code favors length /
clarity over prettiness. Also, the "invalid" part test doesn't work
yet, because, well, BIND keeps resigning my
"invalid.dnssec-example.com" record and making it valid :-)

> Wouldn't it be better to use something like a double hyphen to avoid
> collisions?

Possibly, or using CNAMES. I (personally) liked the underscores as it
separated this from the rest of the namespace, but the double hyphen
also sounds like an interesting idea. What does the WG think?

W

>
> Tony.
> --
> f.anthony.n.finch <dot@dotat.at> http://dotat.at/ - I xn--zr8h punycode
> Shannon, Rockall: Northwest backing south later, 5 to 7, occasionally gale 8,
> decreasing 4 for a time. Very rough or high, becoming rough or very rough.
> Showers, rain later. Mainly good.

--
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf
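
Added example, not part of the original message and not BIND's code: a small model of the hostname-syntax check discussed above, showing why an underscore label is refused as the owner of an address record but accepted for a CNAME. The function names, the inclusion of AAAA, and the double-hyphen sample name `is-ta--12345.example.com` are assumptions made for illustration.

```python
import re

# One LDH label (RFC 952 / RFC 1123 host syntax): letters, digits, hyphen;
# must start and end with a letter or digit; 1..63 octets.
LDH_LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")

# Record types whose owner is treated as a hostname in this model. The message
# shows the check firing for A and not for CNAME; AAAA is an assumption here.
HOST_OWNER_TYPES = {"A", "AAAA"}


def labels(name):
    """Split a presentation-format name into labels, ignoring the root dot."""
    return name.rstrip(".").split(".")


def is_valid_dns_name(name):
    """The DNS itself only limits lengths: 1..63 per label, 253 overall."""
    stripped = name.rstrip(".")
    return 0 < len(stripped) <= 253 and all(0 < len(l) <= 63 for l in labels(name))


def bad_host_labels(name):
    """Labels that are legal in the DNS but not legal hostname (LDH) labels."""
    return [l for l in labels(name) if not LDH_LABEL.fullmatch(l)]


def check_owner(name, rrtype):
    """Return (accepted, reason) for adding a record of rrtype at owner name."""
    if not is_valid_dns_name(name):
        return (False, "not a valid DNS name")
    if rrtype.upper() in HOST_OWNER_TYPES:
        bad = bad_host_labels(name)
        if bad:
            return (False, "bad owner: non-LDH label(s) " + ", ".join(bad))
    return (True, "ok")


# Names from the message, plus one constructed double-hyphen variant.
SAMPLES = [
    ("_tony.dnssec-example.com", "A"),
    ("_tony.dnssec-example.com", "CNAME"),
    ("_is-ta-20236.dnssec-example.com.", "CNAME"),
    ("ron.kumari.net.", "A"),
    ("is-ta--12345.example.com", "A"),  # constructed, hypothetical form
]

if __name__ == "__main__":
    for owner, rrtype in SAMPLES:
        print(owner, rrtype, check_owner(owner, rrtype))
```

The same LDH rule is what URL parsers and other hostname validators apply, so a name that passes here for `A` is also less likely to be rejected by client software before a query is ever sent.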