[dnsext] perhaps we should reintroduce "resimprove"
paul vixie <vixie@isc.org> Thu, 09 February 2012 15:12 UTC
Return-Path: <dnsext-bounces@ietf.org>
X-Original-To: namedroppers-archive-gleetwall6@lists.ietf.org
Delivered-To: ietfarch-namedroppers-archive-gleetwall6@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C5F5621F864E; Thu, 9 Feb 2012 07:12:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1328800353; bh=il5Tx0spKxWcCUUm5BxQSCQrQLxWOqk20BomIFwIEbk=; h=Message-ID:Date:From:MIME-Version:To:Subject:List-Id: List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe: Content-Type:Content-Transfer-Encoding:Sender; b=VMH2daZbixY85hGzf8kuQ9C3pIt1RfVH++o+4R/RbuM6dxO8o4JtAYyk9UxN1V8cF x6wWhcfi5yNJnweftNJVpndNRuxEjjh/rL7a0XTY+owe759jdcXlHxcln/z4uArm8o gha9Lgzw7fJh+8blWvmk0DlAxgfg1MSsKbroLD2E=
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ACC4721F8729 for <dnsext@ietfa.amsl.com>; Thu, 9 Feb 2012 07:10:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zmV-X2LdrtYm for <dnsext@ietfa.amsl.com>; Thu, 9 Feb 2012 07:10:03 -0800 (PST)
Received: from mx.ams1.isc.org (mx.ams1.isc.org [IPv6:2001:500:60::65]) by ietfa.amsl.com (Postfix) with ESMTP id E3F1E21F8726 for <dnsext@ietf.org>; Thu, 9 Feb 2012 07:09:59 -0800 (PST)
Received: from bikeshed.isc.org (bikeshed.isc.org [IPv6:2001:4f8:3:d::19]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client CN "bikeshed.isc.org", Issuer "ISC CA" (verified OK)) by mx.ams1.isc.org (Postfix) with ESMTPS id 06EF75F989F for <dnsext@ietf.org>; Thu, 9 Feb 2012 15:09:38 +0000 (UTC) (envelope-from vixie@isc.org)
Received: from [192.168.2.143] (APuteaux-553-1-60-230.w92-151.abo.wanadoo.fr [92.151.75.230]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client did not present a certificate) by bikeshed.isc.org (Postfix) with ESMTPSA id 1F78E216C6D for <dnsext@ietf.org>; Thu, 9 Feb 2012 15:09:30 +0000 (UTC) (envelope-from vixie@isc.org)
Message-ID: <4F33E1A6.4030902@isc.org>
Date: Thu, 09 Feb 2012 15:09:26 +0000
From: paul vixie <vixie@isc.org>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0) Gecko/20111222 Thunderbird/9.0.1
MIME-Version: 1.0
To: dnsext@ietf.org
Subject: [dnsext] perhaps we should reintroduce "resimprove"
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: dnsext-bounces@ietf.org
Errors-To: dnsext-bounces@ietf.org
based on the renewed interest in the delegation and glue ttl problem caused by the "ghost domains" paper, i looked again at: http://tools.ietf.org/html/draft-vixie-dnsext-resimprove-00 ...which i presented in prague about a year ago. the sticking point was: B. Stopping a downward cache search when an NXDOMAIN is encountered. and all of section 3. this proposal was considered controversial since two existing implementation (rbldnsd and tinydns) currently send nxdomain when queried for an empty nonterminal domain name. i did not agree that this was a problem since RBL DNS queries are always full length (that is, for all octets or all nybbles of an inverted host address) and since the DNSSEC specification clarified non-terminal names as existing but empty. i now propose that we dust off this draft, remove (B) and section 3, and progress it not as an improvement but as a security and resiliency requirement (so, a proposed standard) in the face of the "ghost domain" problem. i may yet reintroduce the NXDOMAIN matter but i don't think that we should logjam on it any further. with five shows of support i would consider the editorial work involved here to be worth doing. paul _______________________________________________ dnsext mailing list dnsext@ietf.org https://www.ietf.org/mailman/listinfo/dnsext
- [dnsext] perhaps we should reintroduce "resimprov… paul vixie
- Re: [dnsext] perhaps we should reintroduce "resim… Andrew Sullivan
- Re: [dnsext] perhaps we should reintroduce "resim… Frederico A C Neves
- Re: [dnsext] perhaps we should reintroduce "resim… Andrew Sullivan
- Re: [dnsext] perhaps we should reintroduce "resim… Andrew Sullivan
- Re: [dnsext] perhaps we should reintroduce "resim… Warren Kumari
- Re: [dnsext] perhaps we should reintroduce "resim… Stephane Bortzmeyer
- Re: [dnsext] perhaps we should reintroduce "resim… paul vixie
- Re: [dnsext] perhaps we should reintroduce "resim… W.C.A. Wijngaards
- Re: [dnsext] perhaps we should reintroduce "resim… Florian Weimer
- Re: [dnsext] perhaps we should reintroduce "resim… Olafur Gudmundsson
- Re: [dnsext] perhaps we should reintroduce "resim… Nicholas Weaver
- Re: [dnsext] perhaps we should reintroduce "resim… Paul Hoffman
- Re: [dnsext] perhaps we should reintroduce "resim… Evan Hunt
- Re: [dnsext] perhaps we should reintroduce "resim… Olafur Gudmundsson
- Re: [dnsext] perhaps we should reintroduce "resim… Blacka, David
- Re: [dnsext] perhaps we should reintroduce "resim… Olafur Gudmundsson
- [dnsext] Ghost domain names Edward Lewis
- Re: [dnsext] perhaps we should reintroduce "resim… Blacka, David
- Re: [dnsext] perhaps we should reintroduce "resim… Olafur Gudmundsson
- Re: [dnsext] Ghost domain names Florian Weimer
- Re: [dnsext] perhaps we should reintroduce "resim… Mohan Parthasarathy
- Re: [dnsext] perhaps we should reintroduce "resim… Edward Lewis
- Re: [dnsext] perhaps we should reintroduce "resim… Paul Vixie
- Re: [dnsext] perhaps we should reintroduce "resim… Mohan Parthasarathy
- Re: [dnsext] perhaps we should reintroduce "resim… Mark Andrews
- Re: [dnsext] perhaps we should reintroduce "resim… Mohan Parthasarathy