[Iotops] Re: Review of draft-ietf-iotops-iot-dns-guidelines-03

Jim Mozley <jmozley@infoblox.com> Tue, 19 May 2026 08:44 UTC

To: Alexey Melnikov <alexey.melnikov@isode.com>
CC: "iotops@ietf.org" <iotops@ietf.org>, Abhishek Mishra <abhishek.mishra@inria.fr>, "andrew.losty.23@ucl.ac.uk" <andrew.losty.23@ucl.ac.uk>, Anna Maria Mandalari <a.mandalari@ucl.ac.uk>
Archived-At: <https://mailarchive.ietf.org/arch/msg/iotops/R5jpQlwGv4X_2S5E5ozHTzSiaA4>

Hi Alexey,

Thanks for the review and comments, we’ll look to incorporate the feedback. Some comments below...

> On 18 May 2026, at 17:35, Alexey Melnikov <alexey.melnikov@isode.com> wrote:
> 
> Hi,
> 
> (With my participant hat on)
> 
> I am not a DNS expert, so it is hard for me to comment on validity of various DNS related requirements. However the document reads well and generally makes sense to me.
> 
> I have a few very small things that I think it would be worth clarifying:
> 
> 5.2.  Blocking of Unmanaged or Malicious DNS Traffic
> 
>    Where operators have networks dedicated to IoT devices, they MAY
>    limit DNS resolution to only domain names used by those IoT devices
>    to mitigate any impact in the event of a compromise to the device.
>    Manufacturers SHOULD provide domain names used for communication to
> 
> The document doesn't state who would be intended recipients of this information. Network operators? Software Developers?

It would be network operators.

> 
> Also where should this information be published?

Manufacturers would publish this with other support information related to the devices. This might be a link in a device PDF manual containing specification and set-up type information that points to the right support page or get the management domains, so that it allows for potential changes. We can make this a recommendation in the draft.

> 
>    facilitate this and other security measures used to secure devices
>    and identify those that are compromised.  Manufacturer Usage
>    Descriptions (MUDs) can provide details of domain names used in
> 
> MUD needs a reference. An Informative reference would suffice, unless you change the above text in response to my previous comment to make it an implementation requirement.

We can add an informative reference.

> 
>    device operations that can then be added to DNS security controls.
> 
> 
> 5.3.  Availability
> 
>    Providers SHOULD optimize resolver configurations to mitigate the
>    security and operational risks identified in this document, provided
>    that such optimizations do not adversely affect the operation of
>    other DNS clients.
> 
> SHOULD is a bit vague. How can this requirement be tested for compliance? Maybe you can add a specific reference (to another section of this document) to make this more concrete? Alternatively maybe lowercase it.

We can expand on the different use cases/choices here, but it would be best to avoid expanding this into a section on DNS resolver configuration. Will put some thought into this.

Thanks again for your time in looking at the draft.

Cheers, Jim
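
An added illustration of the section 5.2 point discussed in this thread (not part of the original messages or of the draft): Python code that collects the domain names listed in a MUD file's ACLs, following the RFC 8520 JSON layout, and checks DNS query names against the resulting allowlist. The MUD fragment, domain names and function names are constructed for this example.

```python
import json

# Constructed MUD file fragment (RFC 8520 layout); all names and domains are made up.
SAMPLE_MUD = json.loads("""
{
  "ietf-mud:mud": {"mud-version": 1, "mud-url": "https://mud.example.com/sensor.json"},
  "ietf-access-control-list:acls": {"acl": [
    {"name": "from-device", "type": "ipv4-acl-type", "aces": {"ace": [
      {"name": "cloud", "matches": {"ipv4": {"ietf-acldns:dst-dnsname": "API.iot.example.com"}},
       "actions": {"forwarding": "accept"}},
      {"name": "ntp", "matches": {"ipv4": {"ietf-acldns:dst-dnsname": "time.example.net."}},
       "actions": {"forwarding": "accept"}},
      {"name": "blocked", "matches": {"ipv4": {"ietf-acldns:dst-dnsname": "old.example.org"}},
       "actions": {"forwarding": "drop"}}
    ]}}
  ]}
}
""")

DNSNAME_KEYS = ("ietf-acldns:src-dnsname", "ietf-acldns:dst-dnsname")


def normalize(name):
    """Lower-case and strip the trailing root dot so comparisons are exact."""
    return name.strip().rstrip(".").lower()


def mud_allowlist(mud):
    """Collect DNS names from ACEs whose forwarding action is 'accept'."""
    names = set()
    for acl in mud.get("ietf-access-control-list:acls", {}).get("acl", []):
        for ace in acl.get("aces", {}).get("ace", []):
            if ace.get("actions", {}).get("forwarding") != "accept":
                continue  # names on drop rules must not end up in the allowlist
            for family in ("ipv4", "ipv6"):
                match = ace.get("matches", {}).get(family, {})
                names.update(normalize(match[k]) for k in DNSNAME_KEYS if k in match)
    return names


def query_allowed(qname, allowlist):
    """Exact-match policy: a subdomain of a listed name is not implicitly allowed."""
    return normalize(qname) in allowlist


ALLOW = mud_allowlist(SAMPLE_MUD)
```
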