[DNSOP] Paul Wouters' Yes on draft-ietf-dnsop-caching-resolution-failures-07: (with COMMENT)
Paul Wouters via Datatracker <noreply@ietf.org> Thu, 07 September 2023 03:56 UTC
From: Paul Wouters via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-dnsop-caching-resolution-failures@ietf.org, dnsop-chairs@ietf.org, dnsop@ietf.org, andrew@depht.com, andrew@depht.com
Reply-To: Paul Wouters <paul.wouters@aiven.io>
Message-ID: <169405896629.52551.4213112915591331764@ietfa.amsl.com>
Date: Wed, 06 Sep 2023 20:56:06 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/nKwCUgDpk1eouBKyb64ikb8wrqo>
Subject: [DNSOP] Paul Wouters' Yes on draft-ietf-dnsop-caching-resolution-failures-07: (with COMMENT)
Paul Wouters has entered the following ballot position for
draft-ietf-dnsop-caching-resolution-failures-07: Yes

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

Please refer to
https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
for more information about how to handle DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-dnsop-caching-resolution-failures/

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thanks for this document and my apologies for being involved/related to
two of the five outages you described :-)

    Consistent with [RFC2308], resolution failures MUST NOT be cached
    for longer than 5 minutes.

If an expired RRSIG has a TTL of 3600, what should happen? The resolution
failed because the signature is no longer valid, but the individual
components of this validation failure are all successful lookups of RRs
that are now in the cache. Wouldn't this result in a resolution failure
of 3600? How would an implementation limit this to 5 minutes? By deleting
the RRSIG from its cache within 5 minutes, overriding its TTL? If so, is
there value stating this in the document?

    also known as 'lame'

I thought the WG agreed the definition of 'lame' was not agreed upon and
the term is no longer being favoured for use. Why not just remove this
part?

    To prevent such unnecessary DNS traffic, security-aware resolvers
    MUST cache DNSSEC validation failures, with some restrictions.

What are these "some restrictions"?
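The interaction the comment above asks about, as an added worked example (not code from the draft, from RFC 2308 or from this message): a toy validating resolver with a separate failure cache whose entries are capped at 5 minutes, fed a constructed zone whose RRSIG carries a TTL of 3600 but whose signature expires at t=1000 and is re-signed at t=1500. The `evict_bogus_rrsets` switch models the "delete the RRSIG from its cache, overriding its TTL" option; the query name, times and TTLs are all constructed for the example.

```python
"""Toy model of a validating resolver's caches (constructed example).

Shows the 5-minute cap on caching resolution failures and how a cached RRSIG
with a long TTL but an expired signature interacts with that cap.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Tuple

MAX_FAILURE_TTL = 300  # seconds; failures MUST NOT be cached longer than this


@dataclass(frozen=True)
class RRSIG:
    ttl: int          # TTL carried by the RRSIG record
    inception: int    # signature validity window, absolute seconds
    expiration: int


def rrsig_valid(sig: RRSIG, now: int) -> bool:
    """Signature validity is an absolute-time check, independent of the TTL."""
    return sig.inception <= now <= sig.expiration


@dataclass
class FailureCache:
    """Caches resolution failures; every entry's lifetime is capped."""
    entries: Dict[str, Tuple[str, int]] = field(default_factory=dict)

    def record(self, qname: str, reason: str, now: int, requested_ttl: int) -> int:
        ttl = min(requested_ttl, MAX_FAILURE_TTL)   # the 5-minute cap
        self.entries[qname] = (reason, now + ttl)
        return ttl

    def lookup(self, qname: str, now: int) -> Optional[str]:
        entry = self.entries.get(qname)
        if entry is None:
            return None
        reason, expires_at = entry
        if now >= expires_at:
            del self.entries[qname]
            return None
        return reason


class Resolver:
    def __init__(self, evict_bogus_rrsets: bool):
        # If True, an RRSIG that failed validation is dropped from the RRset
        # cache (overriding its TTL) so the next query after the failure entry
        # expires goes back to the authority instead of reusing the stale RRSIG.
        self.evict_bogus_rrsets = evict_bogus_rrsets
        self.rrset_cache: Dict[str, Tuple[RRSIG, int]] = {}  # qname -> (RRSIG, fresh_until)
        self.failures = FailureCache()
        self.upstream_queries = 0

    def resolve(self, qname: str, now: int,
                authority: Callable[[str, int], RRSIG]) -> Tuple[str, str]:
        """Returns (rcode, where the answer came from)."""
        if self.failures.lookup(qname, now) is not None:
            return "SERVFAIL", "failure-cache"
        entry = self.rrset_cache.get(qname)
        if entry is not None and now < entry[1]:
            sig, source = entry[0], "rrset-cache"
        else:
            self.upstream_queries += 1
            sig, source = authority(qname, now), "authority"
            self.rrset_cache[qname] = (sig, now + sig.ttl)
        if rrsig_valid(sig, now):
            return "NOERROR", source
        self.failures.record(qname, "bogus: RRSIG outside validity window",
                             now, requested_ttl=sig.ttl)
        if self.evict_bogus_rrsets:
            self.rrset_cache.pop(qname, None)
        return "SERVFAIL", source


def constructed_authority(qname: str, now: int) -> RRSIG:
    """Constructed zone: signature valid until t=1000; re-signed at t=1500."""
    if now < 1500:
        return RRSIG(ttl=3600, inception=0, expiration=1000)
    return RRSIG(ttl=3600, inception=1500, expiration=5000)


def run_timeline(evict_bogus_rrsets: bool):
    """Query the constructed name at four points in time; return results and query count."""
    r = Resolver(evict_bogus_rrsets)
    results = [(t, *r.resolve("example.test", t, constructed_authority))
               for t in (0, 1200, 1400, 1600)]
    return results, r.upstream_queries


if __name__ == "__main__":
    for evict in (False, True):
        results, queries = run_timeline(evict)
        print(f"evict_bogus_rrsets={evict}: {results} upstream_queries={queries}")
```

Without eviction the failure entry itself never outlives 300 seconds, but once it expires the resolver re-validates the same cached RRSIG (fresh until t=3600) and fails again, so the name keeps producing SERVFAIL without a single new upstream query. With eviction, the query at t=1600 goes back to the authority, picks up the re-signed RRSIG and succeeds.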