Re: [DNSOP] I-D Action: draft-ietf-dnsop-ns-revalidation-02.txt

Tue, 16 Aug 2022 14:20:18 -0700 

Dear authors.
In the second paragraph of section 3 "Upgrading NS RRset Credibility" 
there is a mention of "Positive responses...", which I am not sure of
its exact meaning. Do you mean ANSWERS>0? Or AA=1?

I'm thinking of a (broken) nameserver that responds to NSs queries with
NXDOMAIN (but does answer to other types)[1]. Is that a positive
response, which should be cached with an authoritative data ranking?

Thanks,

Hugo

[1]: 
https://github.com/dns-violations/dns-violations/blob/master/2018/DVE-2018-0004.md

On 13:31 07/03, [email protected] wrote:
> 
> A New Internet-Draft is available from the on-line Internet-Drafts 
> directories.
> This draft is a work item of the Domain Name System Operations WG of the IETF.
> 
>         Title           : Delegation Revalidation by DNS Resolvers
>         Authors         : Shumon Huque
>                           Paul Vixie
>                           Ralph Dolmans
>       Filename        : draft-ietf-dnsop-ns-revalidation-02.txt
>       Pages           : 7
>       Date            : 2022-03-07
> 
> Abstract:
>    This document recommends improved DNS [RFC1034] [RFC1035] resolver
>    behavior with respect to the processing of Name Server (NS) resource
>    record sets (RRset) during iterative resolution.  When following a
>    referral response from an authoritative server to a child zone, DNS
>    resolvers should explicitly query the authoritative NS RRset at the
>    apex of the child zone and cache this in preference to the NS RRset
>    on the parent side of the zone cut.  Resolvers should also
>    periodically revalidate the child delegation by re-quering the parent
>    zone at the expiration of the TTL of the parent side NS RRset.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-dnsop-ns-revalidation/
> 
> There is also an HTML version available at:
> https://www.ietf.org/archive/id/draft-ietf-dnsop-ns-revalidation-02.html
> 
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-dnsop-ns-revalidation-02
> 
> 
> Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
> 
> 
> _______________________________________________
> DNSOP mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dnsop
>

Attachment: signature.asc
Description: PGP signature

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to