[DNSOP] Robert Wilton's No Objection on draft-ietf-dnsop-nsec-ttl-04: (with COMMENT)
Robert Wilton via Datatracker <noreply@ietf.org> Tue, 18 May 2021 15:04 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: dnsop@ietf.org
Delivered-To: dnsop@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 9D35E3A1626; Tue, 18 May 2021 08:04:06 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Robert Wilton via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-dnsop-nsec-ttl@ietf.org, dnsop-chairs@ietf.org, dnsop@ietf.org, tjw.ietf@gmail.com, tjw.ietf@gmail.com
X-Test-IDTracker: no
X-IETF-IDTracker: 7.29.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Robert Wilton <rwilton@cisco.com>
Message-ID: <162135024662.12090.17595940999634564709@ietfa.amsl.com>
Date: Tue, 18 May 2021 08:04:06 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/WpOB8GL8fOAsCLhT_D0HwW5FUAM>
Subject: [DNSOP] Robert Wilton's No Objection on draft-ietf-dnsop-nsec-ttl-04: (with COMMENT)
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 May 2021 15:04:07 -0000
Robert Wilton has entered the following ballot position for draft-ietf-dnsop-nsec-ttl-04: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-dnsop-nsec-ttl/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Hi, Thanks for this document. Regarding: 3.4. Updates to RFC8198 [RFC8198] section 5.4 (Consideration on TTL) is completely replaced by the following text: | The TTL value of negative information is especially important, | because newly added domain names cannot be used while the negative | information is effective. | | Section 5 of [RFC2308] suggests a maximum default negative cache | TTL value of 3 hours (10800). It is RECOMMENDED that validating | resolvers limit the maximum effective TTL value of negative | responses (NSEC/NSEC3 RRs) to this same value. | | A resolver that supports aggressive use of NSEC and NSEC3 MAY | limit the TTL of NSEC and NSEC3 records to the lesser of the | SOA.MINIMUM field and the TTL of the SOA in a response, if | present. It MAY also use a previously cached SOA for a zone to | find these values. I'm not a DNS expert, and this is just a non binding comment, but I was wondering why it is only "MAY" limit the TTL on NSEC and NSEC3 records to the lesser of the SOA.MINIMUM field and the TTL of the SOA in a response rather than a "SHOULD". Regards, Rob
- [DNSOP] Robert Wilton's No Objection on draft-iet… Robert Wilton via Datatracker
- Re: [DNSOP] Robert Wilton's No Objection on draft… Peter van Dijk
- Re: [DNSOP] Robert Wilton's No Objection on draft… Rob Wilton (rwilton)