On 22 Jun 2014, at 11:54, John Levine <jo...@taugh.com> wrote:

>>> As I understand it, this changes DNS caches so that for the root zone
>>> its behavior is somewhere between a cache and a secondary master.
>>
>> The cache remains precisely a cache.
>
> I understand that it's still a cache in the DNS hierarchy, but in
> operation, it's much more like a secondary master. Like a secondary,
> it bulk fetches the zone, answers all queries about that zone from its
> own copy, and uses the SOA times to decide when to fetch again.

There are some potentially surprising protocol implications for clients when recursive servers answer authoritatively for particular queries. Specifically, AA and AD bit processing is different.

If the suggestion is that a resolver with an AXFR- (or whatever-) sourced root zone should behave identically to a resolver that operates conventionally, then there are protocol changes and corresponding implementation changes needed. This draft proposes significant implementation changes for resolvers anyway, but I'm not convinced anybody has enthusiasm for revisiting the DNSSEC and DNS spec just to support this proposal (but perhaps I'm wrong, and I'm certainly biased in my mental risk/benefit analysis since I think this is a bad idea with very marginal benefit to anybody).

If the suggestion is that the different behaviour is commonly observed in the wild and so therefore it's a public service to document it, then I have no problem with that. This document goes further than that, though.

Joe

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
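
Added example, not part of the original message or of the draft under discussion: a Python check that decodes the flags field of two DNS response headers and reports where the AA and AD bits differ, which is the client-visible difference the message refers to. The two headers are constructed samples; the assumption is that a conventional validating resolver returns AA clear and AD set, while an answer served authoritatively from a local zone copy has AA set and AD clear. The helper names are hypothetical.

```python
import struct

# Bit masks in the 16-bit flags field of the DNS header (RFC 1035, RFC 4035).
FLAG_BITS = {"QR": 0x8000, "AA": 0x0400, "TC": 0x0200, "RD": 0x0100,
             "RA": 0x0080, "AD": 0x0020, "CD": 0x0010}


def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte DNS header into flag booleans and counters."""
    if len(msg) < 12:
        raise ValueError("DNS header is 12 bytes; message is truncated")
    ident, flags, _qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    out = {name: bool(flags & mask) for name, mask in FLAG_BITS.items()}
    out.update(id=ident, opcode=(flags >> 11) & 0xF, rcode=flags & 0xF, ancount=an)
    return out


def trust_signal_diff(a: bytes, b: bytes) -> dict:
    """Return {flag: (value_in_a, value_in_b)} for AA/AD bits that differ."""
    ha, hb = parse_header(a), parse_header(b)
    return {k: (ha[k], hb[k]) for k in ("AA", "AD") if ha[k] != hb[k]}


def make_header(ident: int, *flags: str, rcode: int = 0, ancount: int = 1) -> bytes:
    """Build a constructed response header (hypothetical helper for the samples)."""
    value = rcode
    for name in flags:
        value |= FLAG_BITS[name]
    return struct.pack("!6H", ident, value, 1, ancount, 0, 0)


# Constructed samples (assumed flag settings, not captured traffic).
CONVENTIONAL = make_header(0x1A2B, "QR", "RD", "RA", "AD")  # flags 0x81A0
LOCAL_COPY = make_header(0x1A2B, "QR", "AA", "RD", "RA")    # flags 0x8580

if __name__ == "__main__":
    for flag, (conv, local) in trust_signal_diff(CONVENTIONAL, LOCAL_COPY).items():
        print(f"{flag}: conventional={conv} local-copy={local}")
```

A client or monitoring check that keys on AD to decide whether an answer was validated upstream would treat these two responses differently even though the records returned could be identical.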