Frederico,
On 03/28/2018 05:06 PM, Frederico A C Neves wrote:
Hi Matthijs,
On Wed, Mar 28, 2018 at 03:31:57PM +0200, Matthijs Mekking wrote:
All,
It's been a while, but I have put up a new version of the MIXFR draft:
https://tools.ietf.org/html/draft-mekking-mixfr-02
The IETF 101 Hackathon lead to the revival of this draft.
Changes after the three year sleep:
- I removed the IXFR Gone Wild section. This document should focus in
the in-band transfer improvements. I know there are others who like to
see and work on a new DNS transfer protocol, but one does not exclude
the other.
- Intended status: Standards track.
- Added a clarification from Bob Harold about class ANY (from 2015).
- Remove ambiguous "Delete All RRsets of a Type".
- Affiliation changes.
Thanks for bringing this back. I like the simplification with the
removal of the wild section.
Thank you.
One comment,
[3.1] As section 3 states that MIXFR is DNSSEC aware we need text
regarding NSEC3PARAM update as well.
For that I suggest to change 3.1 section name and include an extra
paragraph.
3.1 Implicit DNSSEC deletions
When an NSEC3PARAM is modified, the MIXFR client MUST also remove all
existing NSEC3 records on the zone.
I agree that with the current syntax NSEC3 resalting is still a hassle.
But I am not sure if this implicit NSEC3 deletion is the right solution:
One can have multiple chains in the zone, the NSEC3PARAM just signals
that the chain is complete. Signers may have incomplete chains as an
intermediate step of NSEC3 resalting.
I shall add a GitHub issue for this. Thanks for bringing it up!
One clarification question,
At 3.6, last paragraph, what is the practical case that a updated
record has an RDLENGTH of zero bytes?
It is as Richard pointed out not required, but I would like to clarify
the difference between deleting an RRset and replacing an RRset.
Best regards,
Matthijs
Who would like to contribute, review, and all that great fun?
Github is here: https://github.com/matje/mixfr
Best regards,
Matthijs
Fred
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
