[DNSOP] I-D Action: draft-ietf-dnsop-nsec-aggressiveuse-08.txt
internet-drafts@ietf.org Thu, 12 January 2017 10:06 UTC
Return-Path: <internet-drafts@ietf.org>
X-Original-To: dnsop@ietf.org
Delivered-To: dnsop@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 62A2E1293F8; Thu, 12 Jan 2017 02:06:53 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.40.3
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <148421561340.19370.14177452721086629843.idtracker@ietfa.amsl.com>
Date: Thu, 12 Jan 2017 02:06:53 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/Octb0Ck8ZlfNTsk9L2r062QMvfU>
Cc: dnsop@ietf.org
Subject: [DNSOP] I-D Action: draft-ietf-dnsop-nsec-aggressiveuse-08.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.17
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Jan 2017 10:06:53 -0000
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Domain Name System Operations of the IETF.
Title : Aggressive use of DNSSEC-validated Cache
Authors : Kazunori Fujiwara
Akira Kato
Warren Kumari
Filename : draft-ietf-dnsop-nsec-aggressiveuse-08.txt
Pages : 16
Date : 2017-01-12
Abstract:
The DNS relies upon caching to scale; however, the cache lookup
generally requires an exact match. This document specifies the use
of NSEC/NSEC3 resource records to allow DNSSEC validating resolvers
to generate negative answers within a range, and positive answers
from wildcards. This increases performance / decreases latency,
decreases resource utilization on both authoritative and recursive
servers, and also increases privacy. It may also help increase
resilience to certain DoS attacks in some circumstances.
This document updates RFC4035 by allowing validating resolvers to
generate negative answers based upon NSEC/NSEC3 records (and positive
answers in the presence of wildcards).
[ Ed note: Text inside square brackets ([]) is additional background
information, answers to frequently asked questions, general musings,
etc. They will be removed before publication.This document is being
collaborated on in Github at: https://github.com/wkumari/draft-ietf-
dnsop-nsec-aggressiveuse. The most recent version of the document,
open issues, etc should all be available here. The authors
(gratefully) accept pull requests.]
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-dnsop-nsec-aggressiveuse/
There's also a htmlized version available at:
https://tools.ietf.org/html/draft-ietf-dnsop-nsec-aggressiveuse-08
A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-dnsop-nsec-aggressiveuse-08
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
- [DNSOP] I-D Action: draft-ietf-dnsop-nsec-aggress… internet-drafts