Hello, I submitted draft-fujiwara-dnsop-resolver-update-00 that tries to improve resolver algorithm.
Please read it and comment. I also made a presentation of the same topic at previous DNS-OARC workshop. https://indico.dns-oarc.net/event/25/session/6/contribution/19/material/slides/2.pdf Regards, -- Kazunori Fujiwara, JPRS <[email protected]> > From: [email protected] > > A new version of I-D, draft-fujiwara-dnsop-resolver-update-00.txt > has been successfully submitted by Kazunori Fujiwara and posted to the > IETF repository. > > Name: draft-fujiwara-dnsop-resolver-update > Revision: 00 > Title: Updating Resolver Algorithm > Document date: 2016-11-01 > Group: Individual Submission > Pages: 9 > URL: > https://www.ietf.org/internet-drafts/draft-fujiwara-dnsop-resolver-update-00.txt > Status: > https://datatracker.ietf.org/doc/draft-fujiwara-dnsop-resolver-update/ > Htmlized: > https://tools.ietf.org/html/draft-fujiwara-dnsop-resolver-update-00 > > > Abstract: > Parent side NS RRSet and glue records are all information to access > servers for child zone. However, they may be overwritten by child > zone data (zone apex NS RRSet and other A/AAAA RRSets). The > overwrite makes name resolution unstable and induces vulnerabilities. > RFC 2181 section 5.4.1 specifies trustworthiness of DNS data. And it > is deemed that that all cached data (authoritative data, non- > authoritative data, referrals and glue records) are merged into one. > Resolvers may answer non-authoritative data, referrals and glue > records that should not be returned. This document proposes updating > resolver algorithm that separates the cache to "authoritative data > cache" and "delegation cache". The former is used to answer stub > resolvers, and the latter is used to iterate zones. > > > > > > Please note that it may take a couple of minutes from the time of submission > until the htmlized version and diff are available at tools.ietf.org. > > The IETF Secretariat > _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
