IETF Logo Mail Archive

[DNSOP] Re: [Ext] Opsdir last call review of draft-ietf-dnsop-rfc8109bis-05

"Joe Clarke (jclarke)" <jclarke@cisco.com> Thu, 25 July 2024 19:39 UTC

Return-Path: <jclarke@cisco.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 57500C14F711; Thu, 25 Jul 2024 12:39:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.742
X-Spam-Level:
X-Spam-Status: No, score=-14.742 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.148, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, T_SPF_HELO_PERMERROR=0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b="bfjLnH4U"; dkim=pass (1024-bit key) header.d=cisco.com header.b="PwYnEOM6"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HoGeJ1MSVJ67; Thu, 25 Jul 2024 12:39:17 -0700 (PDT)
Received: from alln-iport-6.cisco.com (alln-iport-6.cisco.com [173.37.142.93]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 23DD0C14F69D; Thu, 25 Jul 2024 12:39:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.com; i=@cisco.com; l=9057; q=dns/txt; s=iport; t=1721936357; x=1723145957; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=B5m4+cvobFMsUEqmHosQMkbahHK2uuW/ecgHH/pCFcA=; b=bfjLnH4UZV9yX02vrjr6dMj8/57nFo5XSnKLtrAJOxwSGCUaD6kZLZiq cMiDQEtWomLrXT/j10cdAJg+LFmHyxvQ5Mc63HxmXQQcdOOkFfyiQbccx LUdxp6Ys+ODc8HYTSxEUsqCeOSN56m9QunSKUVm2v0JW/RdBcoa/VIrzx g=;
X-CSE-ConnectionGUID: d9xY2qu+Qmmlozq2W2UA1Q==
X-CSE-MsgGUID: QVp3Bnf+TdmfU3XCynJCgg==
X-IPAS-Result: A0AVAADGqKJmmIkNJK1aHQEBAQEJARIBBQUBQCWBFwcBCwGBQDFSegKBChJIiCEDhS2IcQOBE5YphlWBJQNWDwEBAQ0BATUPBAEBhQYCiTkCJjUIDgECAgIBAQEBAwIDAQEBAQEBAQEBBQEBBQEBAQIBBwUUAQEBAQEBAQE3BQ47hXUNhl4BAQECARIuAQE3AQQLAgEIRjElAgQODRqCXgGCHCUjAwGhPAGBQAKKKHiBNIEBggwBAQbeAAmBSAGIPAEogTGIeCcbgUlEgRVCgjAHMT6CYQKBSBo8g1eCL447hF6GNoVogUKEUyZLWo0PVHUiAyYzIQIRAVUTFws+HQIWAxsUBDAPCQsmKQY5AhIMBgYGWTIJBCMDCAQDQgMgcRADBBoECwd3gXGBNAQTR4E3iV0KgXqBLSmBSyaBDIMOgTUTg2mBawwST4hYgQ+BPoFgAYNFS4NeCoIBXR1AAwttPRQhFBsFBIE1BakZBDuDDoEvKg0aHBQrgR4RDyaiYqNdCoQVoW4XhAWTfZFYZJhtlmKSAwIEAgQFAg8BAQaBaQI2gVtwFTuCZwlJGQ+OIRmDYYRZx2x4OwIHCwEBAwmKagEB
IronPort-PHdr: A9a23:oFwv8RyZwNRLrr7XCzPsngc9DxPP853uNQITr50/hK0LKOKo/o/pO wrU4vA+xFPKXICO8/tfkKKWqKHvX2Uc/IyM+G4Pap1CVhIJyI0WkgUsDdTDCBjTJ//xZCt8F 8NHPGI=
IronPort-Data: A9a23:WNI/lqCcFKioXRVW//Ljw5YqxClBgxIJ4kV8jS/XYbTApGgigmABz WodCmGHbKqCZWuke40nPoq/8UICu5/UyIJhOVdlrnsFo1CmBibm6XV1Cm+qYkt+++WaFBoPA /02M4SGcYZtCCeB+39BC5C5xVFkz6aEW7HgP+DNPyF1VGdMRTwo4f5Zs7ZRbrVA357hUmthh fuo+5eDYAD/hmYpWo4pw/vrRC1H7ayaVAww5jTSVdgT1HfCmn8cCo4oJK3ZBxPQXolOE+emc P3Ixbe/83mx109F5gSNy+uTnuUiG9Y+DCDW4pZkc/HKbitq+kTe5p0G2M80Mi+7vdkmc+dZk 72hvbToIesg0zaldO41C3G0GAkmVUFKFSOuzXWX6aSuI0P6n3TEz6R+PRsvIM4h/+NzBnNXr 8NCFRlUV0XW7w626OrTpuhEj8AnKozgO5kS/y0mxjDCBvFgSpfGK0nIzYYHh3Fr2IYXRrCHP JVxhTlHNHwsZzVNMVMeEpEztOypnXL4NTZfrTp5oIJsuTGJk1MoieGF3Nz9Q+KSHu9TkAWkq mfIwj/JKQAcFveQxm/Qmp6rrrSSxXygAt16+KeD3vpjm0HWzWUXDDUXWEe15/6jhSaWV8hWJ VBR+ycyo+0+8lesVpznURbo+SbVtB8HHdNUF8U75R2DjK3O7G6xCm4fSSZpadE6uokxXzNC/ liRhJblBCZHsbCJRzSa7Lj8kN+pESERKWlHbigeQE5ZpdLiu4o0yBnIS76PDZJZkPX5SCHBm SmX7xE7grEUn9dR6P+G1An+1mfESofyciY54QDeX2SA5wx/ZZK4a4HA1bQ9xagcRGp+Zgfd1 EXoi/SjAPYy4YZhfRFhrc0EGLWvov2CKjCZ3RhkHoIq8HKm/HvLkWFsDNNWeRYB3iUsIGOBj KrvVeV5v8Q70JyCNvMfXm5JI552pZUM7Py8PhwuUvJAY4JqaCiM9zx0aEib0gjFyRd2yPFiZ szDKZj2VR727JiLKhLrG4/xNpd2lkgDKZ/7H8uTI+mPiODHPSXEE9/pznPTNr1gvMtoXzk5A /4EapPVkE8AOAEPSiLW6oUUZUsbNmQ2AIu+qspcMIa+zvlORgkc5wvq6ep5IeRNxv0N/s+Rp y3VchEDkjLX2yaYQThmn1g+MtsDq74l8yJiVcHtVH71s0UejXGHtf5FL8trI+B+rYSOD5dcF pE4RilJOdwWIhzv8DUGZp67p4tnHClHTyrVV8Z5SFDTp6JdejE=
IronPort-HdrOrdr: A9a23:LiMHyaq1zHeNZ3wKT2g91AAaV5tkLNV00zEX/kB9WHVpm5Oj5q OTdaUgtSMc1gxxZJh5o6HwBEDhex/hHZ4c2/hpAV7QZniXhILIFvAs0WKG+UyDJ8SQzJ8h6U 4NSdkYNDS0NykFsS+Y2nj3Lz9D+qj6zEnAv463pBkdKHAPV0gj1XYHNu/xKDwPeOAyP+tCKH Pq3Ls9m9PPQwVwUu2LQlM+c6zoodrNmJj6YRgAKSIGxWC15w+A2frRKTTd+g0RfQ9u7N4ZnF QtlTaX2oyT99WAjjPM3W7a6Jpb3PH7zMFYOcCKgs8Jbh3xlweBfu1aKv2/lQFwhNvqxEchkd HKrRtlFd908Wntcma8pgao8xX80Qwp92TpxTaj8DjeSI3CNXAH4vh69MZkmyjimg0dVRZHoe R2Nleixt9q5NX77X3ADpbzJklXfwGP0AkfeKYo/g5iuM0lGf5sRUh1xjIOLH/GdxiKs7wPAa 1gCtrR6+1Rdk7fZ3fFvnN3yNjpRXgrGAyaK3Jy8PB9/gIm1EyR9XFoj/A3jzMF7tYwWpNE7+ PLPuBhk6xPVNYfaeZ4CP0aScW6B2TRSVaUWVjibWjPBeUCITbAupT36LI66KWjf4EJ1oI7nN DEXElDvWA/dkryAYmF3YFN8BrKXGKhNA6dh/129tx8oPnxVbDrOSqMRBQnlNahuewWBonBV/ O6KPttcrbexKvVaPB0NiHFKu5vwCMlIbgoU/4AKiaznv4=
X-Talos-CUID: 9a23:H8xqBWA6cq7IiCv6EyU25H9OA91mS3jYyHDCOhWHU1tAEYTAHA==
X-Talos-MUID: 9a23:8J671AzdsRiaVTMS8RSzDjylLaGaqJ2QEBsnl5tFh8WBOxErCxyMihacTYByfw==
X-IronPort-Anti-Spam-Filtered: true
Received: from alln-core-4.cisco.com ([173.36.13.137]) by alln-iport-6.cisco.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Jul 2024 19:39:16 +0000
Received: from rcdn-opgw-2.cisco.com (rcdn-opgw-2.cisco.com [72.163.7.163]) by alln-core-4.cisco.com (8.15.2/8.15.2) with ESMTPS id 46PJdGqH021256 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 25 Jul 2024 19:39:16 GMT
X-CSE-ConnectionGUID: AHfjAcxsTKq71RhAVuGQaQ==
X-CSE-MsgGUID: XFODSO3aRw2jDvwqCIZ4Fw==
Authentication-Results: rcdn-opgw-2.cisco.com; dkim=pass (signature verified) header.i=@cisco.com
X-IronPort-AV: E=Sophos;i="6.09,236,1716249600"; d="scan'208,217";a="19138693"
Received: from mail-bn1nam02lp2045.outbound.protection.outlook.com (HELO NAM02-BN1-obe.outbound.protection.outlook.com) ([104.47.51.45]) by rcdn-opgw-2.cisco.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Jul 2024 19:39:15 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=cxeHB1rpCY0GSZF55tVI5xDwkpuzLfGYpCVLTduMt+bmEEZbkoX2nbyHxKfU0yyYSPGdmVmFb47sFHzaGZeJ0WCe580XmlmHXqGA3kUGnRTO3beCvFBaGGxoUrc7rdgq+BIdlLGkJCl62AMNMY21+cESWGAj2kElMgkJmQ0JdSuu/kypnmEvesNxMIDs0uThCcFb49BjgTLc+kGL4dQjdc0CLkjpggoWJLkK9pHzv7x0tVZP4485R/Vt2h7VBjH08QM5iG+axPi2YqxzMVtucj+SytBKVdUbWb+jO4DAXmDiHfp0FViitsTPdqQzf57qL0QHvSRjYVwzvifYJZjThg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=B5m4+cvobFMsUEqmHosQMkbahHK2uuW/ecgHH/pCFcA=; b=VLjgLhm75lekf6M4T8gf7koAchxIntWTWVuwJ57InaCBH2KheC7x7o8wY0pt07HMIjT+ao+p0rZKyFIuj+IoLwuTNI6yurKt1LFcR4trB2gUTKoXK29ZvJCjsm14Xfqb7ydHKQysoeEs0g4ENodma3gIkfwnevAK0qZi5J4BPqLBAhWCeUSuHp7/RvIjreS991NxdpSjGrywWiVKeZ0kNLeWfpq3YEFIKy8eZNX/pcyStklk4W7p20RRGH6sKuPF3E/013eKT2qXS5RCzAzgswc0IUfQU4hHvoi96FljLvZIxE9yj1tgssWnv1ZkvtuEISRla23Y8SaPbnlGBNmsbg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=B5m4+cvobFMsUEqmHosQMkbahHK2uuW/ecgHH/pCFcA=; b=PwYnEOM6lnVCesSApnzRdq5DLpL15sXVAdVDMsG6D0o8bNabUuliEEsA2FOHccO/7M7JX9OM9KtjJNiuIfcauMks0nlRbzHP5bwfOR3dPe/5/7U/pik6QL04lfby9dUPFhsunPkkr/p311rYDxkXCAgFE3u7szHFOM/obtqtUq8=
Received: from BN9PR11MB5371.namprd11.prod.outlook.com (2603:10b6:408:11c::11) by CH0PR11MB8189.namprd11.prod.outlook.com (2603:10b6:610:18d::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7784.17; Thu, 25 Jul 2024 19:39:13 +0000
Received: from BN9PR11MB5371.namprd11.prod.outlook.com ([fe80::971b:f067:bf9b:efce]) by BN9PR11MB5371.namprd11.prod.outlook.com ([fe80::971b:f067:bf9b:efce%3]) with mapi id 15.20.7784.017; Thu, 25 Jul 2024 19:39:13 +0000
From: "Joe Clarke (jclarke)" <jclarke@cisco.com>
To: Paul Hoffman <paul.hoffman@icann.org>
Thread-Topic: [Ext] Opsdir last call review of draft-ietf-dnsop-rfc8109bis-05
Thread-Index: AQHa3rzp0NoXw5n1wEO68T/IJX4Bh7IH1cyV
Date: Thu, 25 Jul 2024 19:39:13 +0000
Message-ID: <BN9PR11MB537101E6AD2E555FD19C5A5BB8AB2@BN9PR11MB5371.namprd11.prod.outlook.com>
References: <172187050118.964090.10149522399960549817@dt-datatracker-659f84ff76-9wqgv> <942FEC5A-D81C-4677-AC0C-927536D4D98A@icann.org>
In-Reply-To: <942FEC5A-D81C-4677-AC0C-927536D4D98A@icann.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: BN9PR11MB5371:EE_|CH0PR11MB8189:EE_
x-ms-office365-filtering-correlation-id: 02df9988-58e9-409d-f63a-08dcace17640
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|376014|1800799024|366016|38070700018;
x-microsoft-antispam-message-info: EzOEzsdyYphCPdyGpH2q3/sDAbE1q3NNkMvn6E+m2v/BkPd3uv4ukPN35NNIElngGVFDnlqmFeJCjarQhNdZUJMVjOYWbAvsDmK+YTPQF1k0tQ1V/CVq5rL9EBo9wD0TSSQUcrR3jlujethl+X+i+mwvyVHZzIU4PJ22IpdeGaWqUwXDVZETZz4yGgZ2p3p234Vz7DKZxHQF8t06irO2X93b/aE3PJK5GUkcZW9ONXpGOVOBSofvDKgBE8Px3/itGn6zXNVfxbFGji6Ns0ndv+ezNGTRyWWII2jBep+vSdPBVbkKyF9YnJ731Kxb1+7KF2ayQua60GvutuieL0eDtoeE0lQ5hrDRqOXufKw/Cpu4sxSrqhCiU0cTgSqJ+ty7jAcDna2sj+1s6HVAS3UAualnWOQ+mhHacqFZGn2d1lnlPFiQyDZngH+BffEx5NWMi/WcaXGQzEkWAiw0MQ8aMDeYluA7LQ6TH94DAo98w4LVbnzxTTzSbFqeA9qEpqBQoZKQ0pVaQXTe2figsyNF341W6+D8URronefdfMK+n9+JaL2kAVjK57652ohsLIjprF7UhGsWMrI+0mrPXJJjxIdcDthYbwTs2QqPkjUENiWememDEpXWqoVr/u01BZYQfmd/Dyedu8AzKrISRA1YCvDHQHjZt2eN1ZC5vgGKoDxYzDoA4LRkiABi2UlUglQy5O+NGxPoip1rUWSwUZINW9cUrbC4vt8dqueMQm8DbRE0ppERAqYHQb6Twdln1J3/KxEt+tVTpWqdh1hLAbEYuY3BrdJjm9Bmd0G+AvxWdJV6v7oR2KEGCEYzXpuGaGXTsp4ia5xehkCCRnjowJHHaPCWCpAt05jcr+60sdYsOjVNKRxqiFTXT75cgR3OYprz8TwWu0FR7CfposXKupIF+UX/hERu+35sAcTfBqiG4b/HNV2FOjbwsggpI8Bjn5OgggO5zua4KxaPKKRVPWfWCkAZso6gYAbO/M3xIbHIpwi5MxyIkFU1ewPmo9CwZjbsV+ZRY5gaX0JqZxXtQ+pxq2HJ5rTKbAe/WRcSmntljksZmDZeRqZlca++abgKCck6XJf3XQ58ZtLqFDlNeiqEShRO8l1dJ6fSE30IOGA+8wm6wQKV/8dMVlXfUBT3WIRhWxh7vVAk1CArOFxUJtKM1zWckfoNDeAWySKtE7yRgKh3PvhwE+2OFawEQbowRm97Yy+j7/lnYBtYt5dwJREaeZs10Az0SC7AdfuRKCavD6e8gEOjiiGMHiRFf5LcG5BQCOdoIFidLcmoEuYG5LVA0wXdgwv5rlTXlka1Mpf/a4A+2gig+EvQ7A1Y5JaxnD2C4+mZla67xU5l4/ClFJvCAlNh9jP0XeBxkIv1dTYB0VEFZ9pEv5E8LCEZJzIAh4uEACWW3K5tJDi2zl5FZqvbsQ==
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BN9PR11MB5371.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(376014)(1800799024)(366016)(38070700018);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: C4k+P4q6owXplt/eduzKPQEAsMey2HGonDtVic/1qnpFDZ5aQgKLoiLlgwhaCmdLKVq9tvECPiXYUilnYeCF+wf2hq2DP0SUBVFL3sntQdhjUhY88Lk/3jluHuxFvhFg1ADQRsEybH3c5vIvEbkiM8K3ZCH2mDMltY8xXtmMrqDABit2TuBYYbtgNYmV8bY1nyWKhHUQc492O7DU77KveN9fpNqizq0KFIiAHuwnzPnzTXONQIC8Ir2FEZfYQehC0IjGF8DiHBewWfpaVnsh7JHws48ca0FutnF0789aN5pqJ2CysOcaVxjynrxyjd5/bhFUoYcBcahPhEsidrCtQU+frppmMoIaK/Y4o67JoXtOq5GgzjWHxn2ilD0PI9og8nWxO2FBXoGcaUGbZ+SpechObg7IUEQ11peT/Im1Kzv3LyJxcWa9wku5kgAPNQXdHlpgbZkeOgjuTsouTNz2b37Fp51Wf8mCm4/OrQmncixGFaisVJPD+eQdS/vyTkuf/rIg+ycxFwUZb5wbmlf0Fsn1ws2CJFstLxQRVensRL5wNDinm2s9YrT0o2BtzfcI0hFxd8m8cYINNUejb0iLIZ+lEd3w5rUQigTp+ZusOqs67WHwgG2fjW7jtahgkgUNXEkuf9lFP4sevaqKDRLsoQ4VqTqsoDPlrD/5KkYahOD7gCBccR7WgglzZNt3R7u0zuOJeNBv6d/onHCq7Dv7t967rMt5TaUNs7se83eTqW5oUkzlIWu4BZsa3Yt9kaYlmmTaww29nyUdO5/S/QczN5rrNTg7yHvUNtTcXaa/3EZptSz8rTHtZsuOLvvQzbIyzt1TPJXdRdQmQnKPXRQ7NNv+cLxEX4RTC+TPKPQHnBqcdupEZnuuaqkr8CDccLNKPFfOfQgQWud4WqUGuFIRj5FWeZe9iILmZ9oVdzw2JUbJfZoxUnSmVek8elJJZvFLeTlsVesNKM4qHnJkNEWTyMyRCdQDFBNHwZTBkKSobnEUXjmNwFGU9mzSFQFANnl56vVxw/9UUG5Q1iIfwLXa6HShoHUiWTkTyfE5hArOJGvybZ12D4dmywZ2avZIQPjqk2JIvUHmWy/6d/XDJDJzj4CAhqwbYhSuJd1td9Z4uG2hCkdWn28qMjqUPqmi0U4Iii5oWLFkvb96hEY139mdz4tkb0AQrtteBvCuW5JWqhUGUw0tawqZGv+/8V8LQK39BeE5ap0vyLVN9DMQMVln9jVUhu5KbeCsbhTaC2Pi9lB4mF3tL6qeIzlZMsCI0J+krRVUE9J3+nU/GoaMFmMZXvyV8TwIwz/UF/mS/AHKRT3hXI88W9HglhvqWBLDDyA1QNuM/riNS/p4TwjxHfwPuMWMy/YTFanE1YK8RDVJmlZZW4pFvNHfWIbrbjez53rASA/IZUu30H7zhalnu0uJux04kQr7Ly1gRHfBJffXN6YEaDh+OnBem5/3+OM1iuTk7g4F8tioC0AimcWMfvocwa+dzHdh3zvf2IeuQwCtBWvmwnbOiRQurf2FBNzodB8MfNeLuodzMcTnK/vUIUGt5XL1FO+dcft1JGIyOhp3e0zobd9IAnlxHKLoIzmqxY31tkYYCY690oE5op+FcNS5U6BkQKg8Viz4ThqNaSc+9QQdk95CR+v+oY1hUKgcXB5B
Content-Type: multipart/alternative; boundary="_000_BN9PR11MB537101E6AD2E555FD19C5A5BB8AB2BN9PR11MB5371namp_"
MIME-Version: 1.0
X-OriginatorOrg: cisco.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BN9PR11MB5371.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 02df9988-58e9-409d-f63a-08dcace17640
X-MS-Exchange-CrossTenant-originalarrivaltime: 25 Jul 2024 19:39:13.0771 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: zEfFjwMoEUEf37RRqrBgZpa3syA1WfMsbfvRCcMqeYfVi772Y7BvLoxsDcnDOLzzgzQh2gxs+1eUhuryZg7XZw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH0PR11MB8189
X-Outbound-SMTP-Client: 72.163.7.163, rcdn-opgw-2.cisco.com
X-Outbound-Node: alln-core-4.cisco.com
Message-ID-Hash: QRCHM2B4S5TYCNIPMAMOVRJKKWV57F7Y
X-Message-ID-Hash: QRCHM2B4S5TYCNIPMAMOVRJKKWV57F7Y
X-MailFrom: jclarke@cisco.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dnsop.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "ops-dir@ietf.org" <ops-dir@ietf.org>, dnsop <dnsop@ietf.org>, "draft-ietf-dnsop-rfc8109bis.all@ietf.org" <draft-ietf-dnsop-rfc8109bis.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [DNSOP] Re: [Ext] Opsdir last call review of draft-ietf-dnsop-rfc8109bis-05
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/TSH91LsUSz0Cv9bgePz4WUpVasQ>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Owner: <mailto:dnsop-owner@ietf.org>
List-Post: <mailto:dnsop@ietf.org>
List-Subscribe: <mailto:dnsop-join@ietf.org>
List-Unsubscribe: <mailto:dnsop-leave@ietf.org>

> First, in Section 3 why not just say that RD bit MUST NOT be set?  Why leave it
> to a MAY when setting the bit is undefined?  Seems like the more prescriptive
> you are the better.

Some systems might set RD to 1 for all queries, such as due to lazy programming. Setting it to 1 does no harm to anyone.

[JMC] Been there.  Would it make sense, then, to say, “server MUST ignore RD”?


> More importantly, I found Section 4 a bit confusing.  Section 4 itself starts
> by saying, "A priming query is a normal DNS query".  This is good.  Makes
> things simple.  But then in Section 4.1 there are specific requirements for the
> priming response.  Those requirements seem reasonable, but it kind of
> conflicted (at least in my mind) with the second sentence in Section 4: "Thus,
> a root server cannot distinguish a priming query from any other query for the
> root NS RRset."  So I'm not sure that a server could know to adhere to those
> requirements in its response.  I suppose this could be cleared up by being
> explicit that the client processing the priming response MUST ensure the
> response has those properties or it must not prime its cache with that response.

The requirements in 4.1 and 4.1 are the normal requirements for any server authoritative for a particular zone. They are just restated here for clarity.
[JMC] Okay.


> One other question left in my head is with the priming targets configuration.
> You mentioned named.root (which I'm familiar with), but you say this should not
> be used.

The text in 2.1 says that the root server identifiers (such as "l.root-servers.net") that appear in named.root should not be used in priming.
[JMC] I re-read 2.1, and I see what you mean.  But my first reads interpreted the “such information” to include the whole of the contents of named.root.  Maybe it’s just me.  But if not, I would suggest a slight edit to:
“Although there is no harm in adding root server identifiers to the priming configuration, they are not useful for the root priming process.”


> I think bind does use this by default, and I _think_ this is okay
> with this draft since the point is that it shouldn't solely rely on those
> addresses.  That is, it should use that as a list of initial target addresses,
> but still use the NS priming process to get the current set of A/AAAA records
> for the roots.  I guess what I'm asking is that if that language could be
> softened a bit to say that this file _could_ be used as that initial address
> configuration?

I think we can make this clearer by adding an example of a root server identifier as the thing that should not be used; we'll do so in the next version.
[JMC] That seems like it would definitely help.  Thanks!

Joe

v2.37.1 | Report a Bug | By Email | System Status