[DNSOP] draft-ietf-dnsop-resolver-priming-02
Alfred Hönes <ah@TR-Sys.de> Sun, 01 November 2009 22:10 UTC
Return-Path: <A.Hoenes@TR-Sys.de>
X-Original-To: dnsop@core3.amsl.com
Delivered-To: dnsop@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 154673A684E for <dnsop@core3.amsl.com>; Sun, 1 Nov 2009 14:10:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 3.321
X-Spam-Level: ***
X-Spam-Status: No, score=3.321 tagged_above=-999 required=5 tests=[AWL=-0.530, BAYES_50=0.001, CHARSET_FARAWAY_HEADER=3.2, HELO_EQ_DE=0.35, MIME_8BIT_HEADER=0.3]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ltw2gk5P-+j8 for <dnsop@core3.amsl.com>; Sun, 1 Nov 2009 14:10:13 -0800 (PST)
Received: from TR-Sys.de (gateway.tr-sys.de [213.178.172.147]) by core3.amsl.com (Postfix) with ESMTP id CA14C3A6823 for <dnsop@ietf.org>; Sun, 1 Nov 2009 14:10:11 -0800 (PST)
Received: from ZEUS.TR-Sys.de by w. with ESMTP ($Revision: 1.37.109.26 $/16.3.2) id AA047193379; Sun, 1 Nov 2009 23:09:40 +0100
Received: (from ah@localhost) by z.TR-Sys.de (8.9.3 (PHNE_25183)/8.7.3) id XAA14285; Sun, 1 Nov 2009 23:09:33 +0100 (MEZ)
From: Alfred Hönes <ah@TR-Sys.de>
Message-Id: <200911012209.XAA14285@TR-Sys.de>
To: pk@DENIC.DE, mlarson@verisign.com
Date: Sun, 01 Nov 2009 23:09:33 +0100
X-Mailer: ELM [$Revision: 1.17.214.3 $]
Mime-Version: 1.0
Content-Type: text/plain; charset="hp-roman8"
Content-Transfer-Encoding: 8bit
Cc: dnsop@ietf.org
Subject: [DNSOP] draft-ietf-dnsop-resolver-priming-02
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 01 Nov 2009 22:10:14 -0000
Peter and Matt, hello again! Thanks for reviving the Resolver Priming draft, and amending and restructuring some of the text to enhance the readability and completenes of the reasoning, in draft-ietf-dnsop-resolver-priming-02. (You politely have chosen to not mention these improvements in the document history. :-) ) However, it looks like my previous comments on the -02 version (once ack'ed) have been missed in the recent edits. Below are (A) a few more general comments, followed by (B) notes on the editorial nits (still) present in the memo. (A) General comments (A.1) DISCUSS item in 2.3 | [[Is it OK to send multiple priming queries to multiple targets in | parallel?]] The more conservative, yet perhaps less user friendly approach would be to not allow multiple parallel queries. However, I am not aware of similar restrictions in any DNS related RFCs for any kind of queries. Since we apparently do not have such rules for other queries to root servers, there would need to be strong reasons for interdicting multiple parallel queries. Priming queries can reasonably be expected to be much less frequent than other queries that make it to the root servers, so this in fact might not be an issue at all. (A.2) Section 4, 3rd para -- OBE ! vvvvvvvvvvv | [[At the time of writing, all but one root name server were authoritative for ROOT-SERVERS.NET., even though only a subset received an official delegation.]] At IETF 72, the root server operators had promised to rectify this irregularity; as can be seen now, the first inconsistency indeed has been done in the meantime. So please change the 1st line: vvv | [[At the time of writing, all root name server were authoritative for ROOT-SERVERS.NET., even though only a subset received an official delegation.]] Note: The subset mentioned is {A,F,J,K}.ROOT-SERVERS.NET. Since the whole para is under the premise "At the time of writing", I suggest to give this information as well, as a service to readers of the memo. (A.3) Section 3.1 -- additional discussion To mitigate the effects of SBELT information becoming outdated over time, as described in Section 4, it might be contemplated to 'update' the SBELT information with information obtained in authoritative responses. It remains unclear from Section 3.1 whether such use of priming (or other) responses should be admitted and under which conditions. The strongmost condition would be to require having received and validated signed data -- as soon as DNSSEC signatures for the root zone are available --, but one could consider declaring receipt of the same information from multiple (<n> ... tbd!) root servers as sufficient to allow an auto-update of the SBELT. (B) Editorials (B.1) Section 1, below the quotes fron RFC 1034 Typo: s/seperates/separates/ ^ ^ (B.2) Section 2.3, 1st para -- punctuation For enhanced readability, I suggest inserting a comma as follows: [...]. For resending the priming query to a | different server the random selection SHOULD also be used. --- [...]. For resending the priming query to a | different server, the random selection SHOULD also be used. ^ (B.3) Sections 3.1, 3.3, 4 I suggest to use titlecase fo the special terms related to DNS packets, as these consist of plain english words, and thus titlecase should serve to help avoid possible ambiguities: answer section --> Answer Section (2x) authority section --> Authority Section additional section --> Additional Section (6x) (B.4) Section 3.3, 1st para -- punctuation As above: [...]. To ensure equal | availability the A and AAAA RRSets should have identical TTL values at the authoritative source. [...] --- v [...]. To ensure equal | availability, the A and AAAA RRSets should have identical TTL values at the authoritative source. [...] (B.5) Section 4, 2nd para -- missing verb All DNS root name servers need to be able to provide for all | addresses of all root name servers. This can easily achieved by making all root name servers authoritative for the zone containing the servers' names. --- All DNS root name servers need to be able to provide for all | addresses of all root name servers. This can easily be achieved by ^^^^ making all root name servers authoritative for the zone containing the servers' names. MfG/Kind regards, Alfred Hönes. -- +------------------------+--------------------------------------------+ | TR-Sys Alfred Hoenes | Alfred Hoenes Dipl.-Math., Dipl.-Phys. | | Gerlinger Strasse 12 | Phone: (+49)7156/9635-0, Fax: -18 | | D-71254 Ditzingen | E-Mail: ah@TR-Sys.de | +------------------------+--------------------------------------------+
- [DNSOP] draft-ietf-dnsop-resolver-priming-02 Alfred Hönes