This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[dns-wg] NCC reverse delegation criteria
- Previous message (by thread): [dns-wg] NCC reverse delegation criteria
- Next message (by thread): [dns-wg] NCC reverse delegation criteria
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Jonas Frey
jf at probe-networks.de
Tue Jun 11 18:28:43 CEST 2019
Hello all, as for this topic, i have started the discussion on the members-discuss list. So far it seems there are various opinions about this topic. From the replys i have received it seems these are: - Dont run a open resolver, let RIPE block - Dont run a open resolver, let RIPE warn - Run a open resolver and secure it propely, RIPE pass - Dont check anything, RIPE pass - Let RIPE check for amplification level, decide on that The main question is if RIPE should prohibit technically valid configurations. IMO: if the open resolver+auth. resolver is considered a bad setup (for operational reasons/resilience or whatever) then that should be left up to the company running it (as possible impact is limited to that - besides amplification). (However there seem to be huge controversal thoughts about this, i.e. if dividing both functions is still neccessary in 2019) As previously noted most (if not all) ccTLD registrys do not block when a open recursor is found. (C/N/O: Verisign pass, EU EURID: pass, DE DE- NIC: pass with warn). Now that these ccTLDs deal with *alot* more nameservers than RIPE (probably), why would it make sense for RIPE to force a block of them? -- Mit freundlichen Grüßen / Best regards, Jonas Frey ---------------------------------------------------------------- Probe Networks Jonas Frey e-Mail: jf at probe-networks.de Auf Strützberg 26 D-66663 Merzig Tel: +(49) (0) 6861 90897-00 Fax: +(49) (0) 6861 90897-99 Internet: www.probe-networks.de Hotline: 0800 1656531 ---------------------------------------------------------------- Diese E-Mail enthaelt moeglicherweise vertrauliche und/oder rechtlich geschuetzte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtuemlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist strengstens untersagt. This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorised copying, disclosure or distribution of the contents of this e-mail is strictly prohibited. ------------------------------------------ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 181 bytes Desc: This is a digitally signed message part URL: </ripe/mail/archives/dns-wg/attachments/20190611/0ddf8779/attachment.sig>
- Previous message (by thread): [dns-wg] NCC reverse delegation criteria
- Next message (by thread): [dns-wg] NCC reverse delegation criteria
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ dns-wg Archives ]