IETF Logo Mail Archive

Re: [dnsext] we need help to make names the same, was draft-yao-dnsext-identical-resolution-02 comment

Phillip Hallam-Baker <hallam@gmail.com> Thu, 24 February 2011 13:44 UTC

Return-Path: <dnsext-bounces@ietf.org>
X-Original-To: namedroppers-archive-gleetwall6@lists.ietf.org
Delivered-To: ietfarch-namedroppers-archive-gleetwall6@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 033753A6B23; Thu, 24 Feb 2011 05:44:11 -0800 (PST)
X-Original-To: dnsext@core3.amsl.com
Delivered-To: dnsext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A39033A6B23 for <dnsext@core3.amsl.com>; Thu, 24 Feb 2011 05:44:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.566
X-Spam-Level:
X-Spam-Status: No, score=-3.566 tagged_above=-999 required=5 tests=[AWL=0.032, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tz0vo5en5ZfM for <dnsext@core3.amsl.com>; Thu, 24 Feb 2011 05:44:08 -0800 (PST)
Received: from mail-bw0-f44.google.com (mail-bw0-f44.google.com [209.85.214.44]) by core3.amsl.com (Postfix) with ESMTP id D13023A6806 for <dnsext@ietf.org>; Thu, 24 Feb 2011 05:44:07 -0800 (PST)
Received: by bwz13 with SMTP id 13so1240630bwz.31 for <dnsext@ietf.org>; Thu, 24 Feb 2011 05:44:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=n7YJY4TBvoYVv+pf11t3adwD8/KReq3ni3AzZgj5Ni8=; b=LZ0c2o0CTATsRfW+eZdDEvpVyKwcCeB6tqgkA/IWF8qHiFO778TUU0L5n1c9fqF9nR EzX0KcmgTxMtghc+WiReioTbxBaK7aZy2L9twOkxvZIZMdXdptlaTUbh8k3K6z88omLj 3x4dU2uINTRfK66yqDyIFq4A+l5GlINH0nwro=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=rLo87T6L27CpjcPIf1hhKysq6HDNdPVVVeTq1atGTVN6Wjd7Peod6GkO5uDc5HqCT5 aFCpt2F4Sx7eeKDE8bSCWKSpwvWC/ZV95H0AXbaRAdz89kQywfdmantpWfkh8FQr3/eJ iGTW9QfLXFsKuBwKpURCY/zJMT68sKTtquAPI=
MIME-Version: 1.0
Received: by 10.204.7.213 with SMTP id e21mr778755bke.47.1298555094667; Thu, 24 Feb 2011 05:44:54 -0800 (PST)
Received: by 10.204.14.139 with HTTP; Thu, 24 Feb 2011 05:44:54 -0800 (PST)
In-Reply-To: <8657EF4A-A08D-46E5-8917-553AE377CAD8@ICSI.Berkeley.EDU>
References: <20110216165921.GW96213@shinkuro.com> <3B90ED2E-980D-4B01-889F-447D66D0B58D@insensate.co.uk> <20110216174011.GZ96213@shinkuro.com> <20110218143653.GC84482@bikeshed.isc.org> <20110218151209.GF66684@shinkuro.com> <4D5EEE09.4080405@dougbarton.us> <20110218222950.GL74065@shinkuro.com> <4D5F270F.20401@abenaki.wabanaki.net> <199C7B2B4228461FB024E59A990DB46D@ics.forth.gr> <4D641DB6.4090705@necom830.hpcl.titech.ac.jp> <20110222205617.GS53815@shinkuro.com> <4D64489B.7020901@necom830.hpcl.titech.ac.jp> <713D992A-1DB9-4F72-9D18-8E923AD51D8D@icsi.berkeley.edu> <AANLkTikf2ixw7JkxQiRBobv-seYnaYS0E3G8TboosnA=@mail.gmail.com> <alpine.LSU.2.00.1102231029260.27602@hermes-1.csi.cam.ac.uk> <AANLkTin6-mXBeKC_TzgvWUaCyxKfeZxTK1BQvXtpwuCN@mail.gmail.com> <4CC95816-8225-4CAE-897F-3F13F965BCEE@ICSI.Berkeley.EDU> <alpine.LSU.2.00.1102240953550.5244@hermes-1.csi.cam.ac.uk> <AANLkTiniVDDZXFOV4WryNN=+hK29rBO8_HTAqw7bK=Nf@mail.gmail.com> <AANLkTikZYBYyRKkZzMCuCJbVpqLx-2BBYW3TSMQ8ZL81@mail.gmail.com> <8657EF4A-A08D-46E5-8917-553AE377CAD8@ICSI.Berkeley.EDU>
Date: Thu, 24 Feb 2011 08:44:54 -0500
Message-ID: <AANLkTikHm62x=+xWpSRyERw2cB31yZZhVkTT-90dgFjk@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Nicholas Weaver <nweaver@icsi.berkeley.edu>
Cc: dnsext@ietf.org
Subject: Re: [dnsext] we need help to make names the same, was draft-yao-dnsext-identical-resolution-02 comment
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0062134713=="
Sender: dnsext-bounces@ietf.org
Errors-To: dnsext-bounces@ietf.org

So you are saying that it is TOO LATE to make a change that would have major
impact on the practice of domain management?

It really has to be one or the other. Either it is too late to make major
change or its all on the table.


Or alternatively, the proposed use case may not justify a major change.


On Thu, Feb 24, 2011 at 8:37 AM, Nicholas Weaver
<nweaver@icsi.berkeley.edu>wrote:

>
> On Feb 24, 2011, at 5:17 AM, Phillip Hallam-Baker wrote:
>
> >
> >
> > On Thu, Feb 24, 2011 at 7:52 AM, Tony Finch <dot@dotat.at> wrote:
> > On Thu, 24 Feb 2011, Phillip Hallam-Baker wrote:
> > >
> > > Why would I need a time machine? You still don't have anyone actually
> using
> > > DNSSEC for production?
> >
> > Speak for yourself. We're using it in cam.ac.uk and so are our friends
> at
> > ic.ac.uk. Large amounts of cz is signed.
> >
> > Generating signatures is one thing.
> >
> > You don't have a deployment until you have people verifying the
> signatures and the results affect their behavior.
>
> All Comcast customers who've opted out of the NXDOMAIN wildcarding are
> behind resolvers that validate DNSSEC.
>
>
> nweaver% dig www.dnssec-failed.org
>
> ; <<>> DiG 9.6.0-APPLE-P2 <<>> www.dnssec-failed.org
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 36205
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;www.dnssec-failed.org.         IN      A
>
> ;; Query time: 47 msec
> ;; SERVER: 192.168.1.1#53(192.168.1.1)
> ;; WHEN: Thu Feb 24 05:35:42 2011
> ;; MSG SIZE  rcvd: 39
>
>
> nweaver% dig +cd www.dnssec-failed.org
>
> ; <<>> DiG 9.6.0-APPLE-P2 <<>> +cd www.dnssec-failed.org
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1844
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;www.dnssec-failed.org.         IN      A
>
> ;; ANSWER SECTION:
> www.dnssec-failed.org.  7200    IN      A       68.87.64.48
>
> ;; Query time: 15 msec
> ;; SERVER: 192.168.1.1#53(192.168.1.1)
> ;; WHEN: Thu Feb 24 05:35:48 2011
> ;; MSG SIZE  rcvd: 55
>
>


-- 
Website: http://hallambaker.com/

_______________________________________________
dnsext mailing list
dnsext@ietf.org
https://www.ietf.org/mailman/listinfo/dnsext

v2.23.0 | Report a Bug | By Email