[dnssec-deployment] Draft http://tools.ietf.org/html/draft-livingood-dns-redirect-00

Mats.Dufberg at teliasonera.com Mats.Dufberg at teliasonera.com
Mon Jul 13 04:21:38 EDT 2009


The effect of redirecting NXDOMAIN (or NO DATA) on other protocols (imap, ntp etc), for non-interactive http (fetching files over http) and HTTPS, respectively, should be discussed in more details. Getting a clean NXDOMAIN/NO DATA answer helps the user to solve the problem instead of getting some indirect error due to redirection:

* connection refused (imap, ntp)
* no file found or bogus file (fetching file)
* connection refused or wrong certificate (https) 


The document has too much focus on interactive web browsing.



Mats

------------------------------------------
Mats Dufberg
TeliaSonera BBS P&P AP SP Internet
+46-70-2582588
mats.dufberg at teliasonera.com
------------------------------------------
 

> -----Original Message-----
> From: DNSSEC deployment 
> [mailto:dnssec-deployment at shinkuro.com] On Behalf Of Phil Regnauld
> Sent: den 10 juli 2009 11:08
> To: DNSSEC deployment
> Subject: [dnssec-deployment] Draft 
> http://tools.ietf.org/html/draft-livingood-dns-redirect-00
> 
> Hi everyone,
> 
> This was just published (the co-author posted on dnsop at ietf.org).
> 
> http://tools.ietf.org/html/draft-livingood-dns-redirect-00
> 
> Anyone have feedback re. §10: 10.  DNSSEC Considerations ?
> 
> Feedback to the authors is obviously the goal, but it might be a
> good thing to see if anyone here sees problems with the DNSSEC
> bit so we can coordinate comments.
> 
> Cheers,
> Phil
> 
> #############################################################
> This message is sent to you because you are subscribed to
>   the mailing list <dnssec-deployment at shinkuro.com>.
> To unsubscribe, E-mail to: <dnssec-deployment-off at shinkuro.com>
> A public archive is available here: 
> <http://mail.shinkuro.com:8100/Lists/dnssec-deployment/>
> and older material is at
> <http://mail.shinkuro.com:8100/Lists/dnssec-deployment-archive/>
> 


More information about the Dnssec-deployment mailing list