Re: [DNSOP] Call for Adoption: draft-hardaker-dnsop-nsec3-guidance
Wes Hardaker <wjhns1@hardakers.net> Fri, 21 May 2021 16:01 UTC
From: Wes Hardaker <wjhns1@hardakers.net>
To: Tony Finch <dot@dotat.at>
Cc: Wes Hardaker <wjhns1@hardakers.net>, Vladimír Čunát <vladimir.cunat+ietf@nic.cz>, DNSOP Working Group <dnsop@ietf.org>
Date: Fri, 21 May 2021 09:01:13 -0700
In-Reply-To: <d72220fe-8a6b-d8e6-8b3-1749faddb4fb@dotat.at> (Tony Finch's message of "Tue, 11 May 2021 22:33:44 +0100")
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/ubOd05q4q1laoD7Xv1p1g1MserU>

Tony Finch <dot@dotat.at> writes:

> The draft is operational advice, so I think the relevant advice here is
> that if you are signing your zone with sloooow NSEC3 parameters, make sure
> your secondaries are willing to serve such a zone first.

[this is sort of unrelated to the call for adoption, is good discussion
about future text]

So, what guidance do we want to insert? We have two potential pieces of
guidance to include: guidance for primaries and guidance for secondaries.
Maybe something like (better wordsmithing needed still):

Operators of secondary services should advertise the parameter caps
their servers will support. Primaries need to ensure that secondaries
support the NSEC3 parameters they expect to use in their zones.
Primaries, after changing parameters, should query their secondaries
with appropriate known non-existent queries to verify the secondary
servers are responding as expected.

-- 
Wes Hardaker
USC/ISI
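
Added example, not part of the original message or of the draft: one way a primary operator could evaluate the NSEC3 records a secondary returns for a known non-existent name, checking that the parameters match what the primary signs with and that a record covers the probe. It assumes SHA-1 NSEC3 (RFC 5155), a probe one label below the zone apex (so the probe is its own next closer name), and NSEC3 records already parsed into tuples; check_secondary and build_chain are hypothetical helper names.

```python
import base64
import hashlib

# NSEC3 owner names use base32hex; map the standard base32 alphabet onto it.
_B32HEX = bytes.maketrans(b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                          b"0123456789ABCDEFGHIJKLMNOPQRSTUV")

def nsec3_hash(name, iterations, salt_hex):
    """RFC 5155 hash (SHA-1) of a domain name, as lowercase base32hex."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    wire = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\0"
    salt = b"" if salt_hex in ("", "-") else bytes.fromhex(salt_hex)
    digest = hashlib.sha1(wire + salt).digest()
    for _ in range(iterations):  # iterations = number of additional rounds
        digest = hashlib.sha1(digest + salt).digest()
    return base64.b32encode(digest).translate(_B32HEX).decode().lower()

def covers(owner, nxt, target):
    """True if target lies strictly between owner and next on the hash ring."""
    if owner < nxt:
        return owner < target < nxt
    return target > owner or target < nxt  # last record wraps to the first

def check_secondary(probe, expected, nsec3_rrs):
    """Return a list of problems in one secondary's NXDOMAIN answer.

    expected:  tuple (iterations, salt_hex) the primary signs with
    nsec3_rrs: (owner_hash, iterations, salt_hex, next_hash) tuples parsed
               from the authority section of that answer
    """
    if not nsec3_rrs:
        return ["no NSEC3 records in the answer"]
    problems = [f"{o}: parameters {i}/{s} differ from the primary"
                for o, i, s, _ in nsec3_rrs if (i, s.lower()) != expected]
    target = nsec3_hash(probe, *expected)
    if not any(covers(o, n, target) for o, _, _, n in nsec3_rrs):
        problems.append(f"no NSEC3 record covers {probe} ({target})")
    return problems

def build_chain(names, iterations, salt_hex):
    """Constructed stand-in for a signer: the NSEC3 chain for a set of names."""
    hashes = sorted(nsec3_hash(n, iterations, salt_hex) for n in names)
    return [(h, iterations, salt_hex, hashes[(k + 1) % len(hashes)])
            for k, h in enumerate(hashes)]
```

In practice the tuples would come from the authority section of each secondary's answer to a DNSSEC-enabled query for the probe name; build_chain only produces constructed data so the check can be exercised offline.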