During previous discussions of the edns-key-tag draft, some people argued that it would be better to convey key tags as query names, rather than EDNS0 options.

Perhaps the best argument against the EDNS0 option is that since EDNS0 is hop-by-hop, some resolvers and other meddleboxes won't know to forward the option unless/until they are upgraded to support edns-key-tag. Personally I think EDNS0 is more elegant, but its hop-by-hop-ness complicates things.

I worry that using query names will reduce the quality of the data because the bar is low -- it's so easy to just generate a query. I'd prefer it if the key tag data was tied to some additional indication of validation (i.e., in the same message as the DNSKEY query).

I also worry about Geoff Huston's "Zombie Queries" talk from NANOG (https://www.nanog.org/sites/default/files/02%20zombies.pdf). In his experiment he sent one-time-use URLs and DNS queries throughout the Internet and found them getting repeated over and over, day after day.

I'd like to hear others' opinions, especially from implementors.

DW

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
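The following is an added example, not code from the message author or from the edns-key-tag draft, that encodes and parses the two conveyance forms the message compares (an EDNS0 option versus a `_ta-` query name) and then models the hop-by-hop concern: a forwarding resolver that copies only the EDNS options it recognizes drops the key-tag option but passes the query name through untouched. Assumptions: the EDNS option code 14 is the value later assigned to edns-key-tag in RFC 8145 (the draft under discussion predates that assignment), the `_ta-<hex keytag>` label layout is likewise the RFC 8145 form, and the key tags 19036 and 20326 are constructed sample input.

```python
import struct

# Constructed sample input: two key tags, 19036 (0x4A5C) and 20326 (0x4F66).
SAMPLE_KEY_TAGS = [19036, 20326]

# Assumption: the edns-key-tag OPTION-CODE is 14, as later assigned in RFC 8145.
EDNS_KEY_TAG_OPTION_CODE = 14


def encode_edns_key_tag_option(key_tags):
    """Build one EDNS0 option: OPTION-CODE, OPTION-LENGTH, then 2-octet key tags."""
    data = b"".join(struct.pack("!H", tag) for tag in key_tags)
    return struct.pack("!HH", EDNS_KEY_TAG_OPTION_CODE, len(data)) + data


def decode_edns_options(opt_rdata):
    """Parse OPT RR RDATA into (code, data) pairs, refusing truncated input."""
    options = []
    pos = 0
    while pos < len(opt_rdata):
        if len(opt_rdata) - pos < 4:
            raise ValueError("truncated EDNS option header")
        code, length = struct.unpack("!HH", opt_rdata[pos:pos + 4])
        pos += 4
        if len(opt_rdata) - pos < length:
            raise ValueError("truncated EDNS option data")
        options.append((code, opt_rdata[pos:pos + length]))
        pos += length
    return options


def key_tags_from_options(options):
    """Collect key tags from every edns-key-tag option; other options are ignored."""
    tags = []
    for code, data in options:
        if code != EDNS_KEY_TAG_OPTION_CODE:
            continue
        if len(data) % 2 != 0:
            raise ValueError("edns-key-tag data must be whole 2-octet key tags")
        tags.extend(struct.unpack("!%dH" % (len(data) // 2), data))
    return tags


def encode_key_tag_qname(key_tags, zone):
    """QNAME form: "_ta-" plus hyphen-separated 4-hex-digit key tags, under zone."""
    label = "_ta-" + "-".join("%04x" % tag for tag in key_tags)
    return label + "." + zone.lstrip(".")


def key_tags_from_qname(qname):
    """Recover key tags from a _ta- query name; unrelated names yield []."""
    first_label = qname.split(".", 1)[0]
    parts = first_label.lower().split("-")
    if parts[0] != "_ta" or len(parts) < 2:
        return []
    tags = []
    for part in parts[1:]:
        if len(part) != 4 or any(c not in "0123456789abcdef" for c in part):
            return []          # malformed label: do not count it as a signal
        tags.append(int(part, 16))
    return tags


def forward_through_legacy_resolver(qname, opt_rdata, known_option_codes):
    """Model a resolver that re-sends a query upstream but only copies EDNS
    options it understands. The QNAME survives; unknown options are dropped."""
    kept = b"".join(
        struct.pack("!HH", code, len(data)) + data
        for code, data in decode_edns_options(opt_rdata)
        if code in known_option_codes
    )
    return qname, kept


if __name__ == "__main__":
    option = encode_edns_key_tag_option(SAMPLE_KEY_TAGS)
    qname = encode_key_tag_qname(SAMPLE_KEY_TAGS, ".")
    # A resolver that knows no option codes at all (assumed legacy behaviour).
    fwd_qname, fwd_opts = forward_through_legacy_resolver(qname, option, frozenset())
    print("direct option  :", key_tags_from_options(decode_edns_options(option)))
    print("after forwarder:", key_tags_from_options(decode_edns_options(fwd_opts)))
    print("qname after fwd:", key_tags_from_qname(fwd_qname))
```

The forwarder model is the point of the message's first paragraph: the option form only reaches the authoritative server when every hop understands it, while the `_ta-` name form reaches it regardless, which is also why the second paragraph's concern applies to it, since anything able to emit a query can emit that name.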
