On Thu, Oct 31, 2019 at 3:27 PM Ted Hardie <[email protected]> wrote:
>
> On Thu, Oct 31, 2019 at 12:06 PM Jim Reid <[email protected]> wrote:
>>
>>
>> There are gazillions of layer-9+ problems around the introduction of new or 
>> different distribution mechanisms at the root for serving root zone data. 
>> Not least of these are the interminable ICANN consultations that inevitably 
>> have to take place for anything remotely related to the root.
>>
>> Some of those problems will also apply to ADoT deployment at "busy" TLDs and 
>> their DNS service providers.
>>
>
> I think the point John Levine was making earlier relates to this, though.  If 
> the root zone is signed, it is small enough to keep a copy locally in any 
> reasonable cache.  That means many caching resolvers can avoid using DoT on 
> queries routed to the root by using AXFR instead, to the servers mentioned 
> in https://www.dns.icann.org/services/axfr/ or similar servers hosted 
> elsewhere.


See: https://datatracker.ietf.org/doc/draft-ietf-dnsop-7706bis/ and
RFC7706 for details on how....
(draft-ietf-dnsop-7706bis is in WGLC, so that's the one people should read).

Thank you Ted, for queuing this up so nicely!
W

> Asking that those AXFR-suitable servers support DoT seems a much more 
> tractable proposition and it results in the right thing.
>
> I may have misunderstood John, of course, but that's the point of what I 
> understood him to be saying.
>
> regards,
>
> Ted
> _______________________________________________
> dns-privacy mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dns-privacy



-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf
