On Sat, Aug 3, 2019, at 01:04, Tim Wicinski wrote:
> This starts a Call for Adoption for draft-sah-resolver-information

I think that I might have said this before, but I don't think that asking an 
HTTP server about a DNS server is the right solution.  If this is information 
about the operation of a participant in the DNS protocol, then I think that 
this needs to use the DNS protocol. For connection-oriented interactions, 
having the information associated with a connection (and not a server identity) 
would be even better.

This also bakes in the notion that a DNS resolver is identified by IP address.  
The domain name part is probably OK, but I don't know which trust anchors to 
use.  I think that the document is assuming that we'll use the Web PKI, but it 
doesn't say that (nor does RFC 8310, as far as I can tell).  If you can answer 
the question "why not DANE?" then you might start to understand my concerns 
here.

The RESINFO RRtype seems OK, but I have less confidence in my ability to assess 
that aspect of this.  The only thing that bothers me is the potential for 
1.0.0.10.in-addr.arpa and friends to leak and ruin the protocol for everyone.  
I realize that there are no good solutions here, but it would be good if there 
were a little more clarity on the constraints this group thought applied to the 
design.

The inventory thing is fairly irregular.  The names of fields are right there 
already, why insist on repeating them in an array?

With all that, I think that it would be premature to assume that this is the 
right direction.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

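Added example, not part of the message above and not code from draft-sah-resolver-information: it builds the RESINFO query a stub would send for its resolver's reverse name, flags the case the message warns about (a reverse name such as 1.0.0.10.in-addr.arpa that leaks if the query is forwarded beyond the resolver), and parses a RESINFO answer. Assumptions: the RRtype code 261 is the value IANA assigned to RESINFO in RFC 9606, which postdates this 2019 thread; the answer is constructed locally so the script runs offline, and its keys (qnamemin, exterr, infourl) are the RFC 9606 ones rather than whatever the draft carried at the time; the resolver addresses are sample values.

```python
import ipaddress
import struct

# ASSUMPTION: 261 is the RESINFO code IANA later assigned (RFC 9606); the
# 2019 draft discussed on the list did not yet have a number.
RESINFO_TYPE = 261


def reverse_name(ip: str) -> str:
    """Owner name the draft queries: 10.0.0.1 -> 1.0.0.10.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer


def leaks_if_forwarded(ip: str) -> bool:
    """True when the reverse name means nothing outside the local network.

    A RESINFO query for 1.0.0.10.in-addr.arpa that travels past the resolver
    (through a forwarder, say) lands on the public in-addr.arpa servers; that
    is the leak the message worries about.  Private, loopback, link-local and
    other special-use addresses all fail is_global.
    """
    return not ipaddress.ip_address(ip).is_global


def encode_name(name: str) -> bytes:
    """Uncompressed DNS wire-format name."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_resinfo_query(ip: str, txid: int = 0x1234) -> bytes:
    """Standard query, RD=1, one question: <reverse name> RESINFO IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(reverse_name(ip)) + struct.pack("!HH", RESINFO_TYPE, 1)


def parse_name(msg: bytes, off: int):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                # compression pointer
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (off if end is None else end)


def parse_resinfo_response(msg: bytes) -> dict:
    """Return {key: value} from RESINFO RRs in the answer; bare keys map to True.

    RESINFO RDATA uses the TXT layout: a run of <len><string> items, each
    either 'key' or 'key=value'.
    """
    _, _, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                           # skip the question section
        _, off = parse_name(msg, off)
        off += 4
    info = {}
    for _ in range(an):
        _, off = parse_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype != RESINFO_TYPE:
            continue
        i = 0
        while i < len(rdata):
            n = rdata[i]
            item = rdata[i + 1:i + 1 + n].decode("ascii")
            i += 1 + n
            key, sep, value = item.partition("=")
            info[key] = value if sep else True
    return info


def build_sample_response(query: bytes) -> bytes:
    """CONSTRUCTED answer for offline use; keys follow RFC 9606, not the draft."""
    txid = struct.unpack("!H", query[:2])[0]
    question = query[12:]
    strings = [b"qnamemin", b"exterr=15,16,17",
               b"infourl=https://resolver.example.com/guide"]
    rdata = b"".join(bytes([len(s)]) + s for s in strings)
    answer = (b"\xc0\x0c"                         # pointer to the question name
              + struct.pack("!HHIH", RESINFO_TYPE, 1, 3600, len(rdata)) + rdata)
    return struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0) + question + answer


if __name__ == "__main__":
    for resolver in ("10.0.0.1", "9.9.9.9"):      # sample addresses
        q = build_resinfo_query(resolver)
        verdict = "LEAKS if forwarded" if leaks_if_forwarded(resolver) else "globally routable"
        print(resolver, reverse_name(resolver), verdict,
              parse_resinfo_response(build_sample_response(q)))
```

The practical check is leaks_if_forwarded(): when it is true, the only party that can meaningfully answer the reverse name is the resolver at that address, so the query should be sent to it directly and never allowed to reach a forwarder or the public tree.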