IETF Logo Mail Archive

Re: [dnsext] draft-mohan-dns-query-xml-00.txt

Aki Tuomi <Aki.Tuomi@tdc.fi> Thu, 29 September 2011 07:15 UTC

Return-Path: <dnsext-bounces@ietf.org>
X-Original-To: namedroppers-archive-gleetwall6@lists.ietf.org
Delivered-To: ietfarch-namedroppers-archive-gleetwall6@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0AA8421F8DB2; Thu, 29 Sep 2011 00:15:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1317280551; bh=lisBqQlnrNZV2sDxxWfCCBg0K452pRg1AAwGJAO7n48=; h=From:To:Date:Message-ID:References:In-Reply-To:MIME-Version:Cc: Subject:List-Id:List-Unsubscribe:List-Archive:List-Post:List-Help: List-Subscribe:Content-Type:Content-Transfer-Encoding:Sender; b=djw/6DCUKCLTrvajkhNHsAMaW6V3cZUMm+1coSw+tnsubAphs31b9U/GcXX2PhdIB Aphctwyv9ZAYdHr2WdZ7UgJcv0U/rPaeXG72X3JmyQgHXN7WwzA3kRy/to/JKtZSEb 1XMP6XNmrTtsW4i6WT6Ddj+OcLa2aPkaV1OHwlvw=
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2424D21F8DB1 for <dnsext@ietfa.amsl.com>; Thu, 29 Sep 2011 00:15:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U0pt47PRNyxG for <dnsext@ietfa.amsl.com>; Thu, 29 Sep 2011 00:15:48 -0700 (PDT)
Received: from mx10.tdc.fi (mx10.tdc.fi [80.64.7.197]) by ietfa.amsl.com (Postfix) with ESMTP id 2265E21F8DAB for <dnsext@ietf.org>; Thu, 29 Sep 2011 00:15:46 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="4.68,459,1312146000"; d="scan'208";a="81074125"
Received: from fi-hel2ex03.nordiclan.net ([194.100.5.181]) by mail-gw1.tdc.fi with ESMTP; 29 Sep 2011 10:18:35 +0300
Received: from FI-HEL2EX02.nordiclan.net ([194.100.5.180]) by fi-hel2ex03.nordiclan.net ([169.254.2.93]) with mapi id 14.01.0339.001; Thu, 29 Sep 2011 10:18:35 +0300
From: Aki Tuomi <Aki.Tuomi@tdc.fi>
To: Nicholas Weaver <nweaver@ICSI.Berkeley.EDU>, Mohan Parthasarathy <suruti94@gmail.com>
Thread-Topic: [dnsext] draft-mohan-dns-query-xml-00.txt
Thread-Index: AQHMfgwGM/xRHxVWqUCYwA6Ec0xRypVi/GiAgAAaWgCAAAKKgIAAKouAgAAOdoCAAKE6AA==
Date: Thu, 29 Sep 2011 07:18:34 +0000
Message-ID: <4343712A0D390E46ABDE28EA69F91EF21C862A08@fi-hel2ex02.nordiclan.net>
References: <CACU5sDnBx5AijEgFXKNPjtcVdtBnBJamsn-f_ye0Jm3TQq0mvw@mail.gmail.com> <alpine.LFD.1.10.1109281525430.25654@newtla.xelerance.com> <CACU5sDk-2NeWgp-MBt1O0=MoP1mnH5UgWY1PuYK_YyJTpJ256Q@mail.gmail.com> <71422E92-1832-4703-98F4-62FB839A5235@icsi.berkeley.edu> <CACU5sDkmovsrEup9=PzTa7edgA9Z_jQvSEF07JM7mwOAs_mYbg@mail.gmail.com> <9127D76F-53FC-4F69-B0E7-5328CFFF6871@ICSI.Berkeley.EDU>
In-Reply-To: <9127D76F-53FC-4F69-B0E7-5328CFFF6871@ICSI.Berkeley.EDU>
Accept-Language: en-US, fi-FI
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [172.16.52.207]
MIME-Version: 1.0
Cc: Paul Vixie <vixie@isc.org>, "dnsext@ietf.org" <dnsext@ietf.org>
Subject: Re: [dnsext] draft-mohan-dns-query-xml-00.txt
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: dnsext-bounces@ietf.org
Errors-To: dnsext-bounces@ietf.org

> -----Original Message-----
> From: dnsext-bounces@ietf.org [mailto:dnsext-bounces@ietf.org] On
> Behalf Of Nicholas Weaver
> Sent: Thursday, September 29, 2011 3:40 AM
> To: Mohan Parthasarathy
> Cc: Paul Vixie; dnsext@ietf.org
> Subject: Re: [dnsext] draft-mohan-dns-query-xml-00.txt
> 
> 
> On Sep 28, 2011, at 4:48 PM, Mohan Parthasarathy wrote:
> 
> > On Wed, Sep 28, 2011 at 2:16 PM, Nicholas Weaver
> > <nweaver@icsi.berkeley.edu> wrote:
> >>
> >> On Sep 28, 2011, at 2:07 PM, Mohan Parthasarathy wrote:
> >>> If I want to be able to run both my web service and DNS service
> from
> >>> the same address, then I can't just run DNS alone over 80/443.
> >>
> >> Have you looked at just running normal DNS recursively from the end
> host, including failover to TCP when things are obviously breaking?
> >>
> >> We don't have ALL the information yet (our test is not comprehensive
> enough), but most systems CAN do direct fetches on UDP or TCP if they
> must: non-functioning recursive resolvers should not be a problem for
> DNSSEC validation.
> >>
> >
> > I am not sure I understand the question. If you are dependent on a
> > recursive server to fetch the DNSSEC records, then that server needs
> > to be DNSSEC aware. If you are operating in iterative mode fetching
> it
> > yourself, then it does not work in environments where firewalls
> > normally prohibit talking to external name servers. Which one are you
> > talking about ? We had a lengthy discussion about the various options
> > in the dnssec-deployment group recently.
> 
> Don't be dependent on the recursive server.  Just fetch it thyself
> iteratively, starting with the root, and be done with it.
> 

Many corporate firewalls do not permit you to go fetch stuff yourself, but insist you use the local resolvers. Of course, corporate environments probably do not apply here in any case. But I thought I'd just mention this. 

Aki Tuomi
_______________________________________________
dnsext mailing list
dnsext@ietf.org
https://www.ietf.org/mailman/listinfo/dnsext

v2.8.7 | Report a Bug | By Email