Dear DNSOP,

This revision of the draft addresses comments received by Wes, Libor, and Tim (changelog below).

I'm inviting the WG to take another read of the document and share your concerns. In particular, please re-raise any concerns you might have voiced at a recent IETF meeting. Tim has listed some of those (at the bottom of [1]), but I'm not sure which of those are still current or considered settled by those who raised them. To make sure everything is discussed with "mail trail", please speak up. Thanks!

[1]: https://mailarchive.ietf.org/arch/msg/dnsop/pocl2z9HwySssCzEyFudg7qm7_E/
[2]: https://mailarchive.ietf.org/arch/msg/dnsop/0eZKEQDzMnkeIDV0qkgY_xT_Kmc/

Changelog:
- Moved Failure Scenarios to appendix
- New failure scenario: DS Breakage due to Replication Lag
- Point out zero overhead if nothing changed, and need to retain manual out-of-band interface
- Editorial changes
- Make nits tool happy

There's outstanding editorial feedback from Libor [2] which I'll address later this week.

Thanks,
Peter

On 6/26/23 09:43, internet-dra...@ietf.org wrote:
A New Internet-Draft is available from the on-line Internet-Drafts directories. This Internet-Draft is a work item of the Domain Name System Operations (DNSOP) WG of the IETF.

Title    : Consistency for CDS/CDNSKEY and CSYNC is Mandatory
Author   : Peter Thomassen
Filename : draft-ietf-dnsop-cds-consistency-01.txt
Pages    : 11
Date     : 2023-06-26

Abstract:
Maintenance of DNS delegations requires occasional changes of the DS and NS record sets on the parent side of the delegation. RFC 7344 automates this for DS records by having the child publish CDS and/or CDNSKEY records which hold the prospective DS parameters. Similarly, RFC 7477 specifies CSYNC records to indicate a desired update of the delegation's NS (and glue) records. Parent-side entities (e.g. Registries, Registrars) typically discover these records by querying them from the child, and then use them to update the delegation's DS RRset accordingly.

This document specifies that when performing such queries, parent-side entities MUST ensure that updates triggered via CDS/CDNSKEY and CSYNC records are consistent across the child's authoritative nameservers, before taking any action based on these records.

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-dnsop-cds-consistency/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-dnsop-cds-consistency-01.html

A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-dnsop-cds-consistency-01

Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
--
Like our community service? 💛
Please consider donating at https://desec.io/

deSEC e.V.
Kyffhäuserstr. 5
10781 Berlin
Germany

Vorstandsvorsitz: Nils Wisiol
Registergericht: AG Berlin (Charlottenburg) VR 37525
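
As an added illustration of the consistency requirement in the quoted abstract (not code from the draft or its author): a parent-side check over per-nameserver CDS answers that returns an RRset to act on only when every nameserver serves the same one. The function names, nameserver names and records are constructed, and treating a failed query as inconsistency is an assumption.

```python
# Added illustration: names and sample records are constructed, not from the draft.
from typing import Dict, FrozenSet, List, Optional, Tuple

CdsRdata = Tuple[int, int, int, str]  # key tag, algorithm, digest type, digest


def parse_cds(text: str) -> CdsRdata:
    """Parse CDS presentation format into a canonical, comparable tuple."""
    fields = text.split()
    if len(fields) < 4:
        raise ValueError(f"malformed CDS rdata: {text!r}")
    key_tag, algorithm, digest_type = (int(f) for f in fields[:3])
    # The digest may be split by whitespace and use either hex case.
    return key_tag, algorithm, digest_type, "".join(fields[3:]).lower()


def consistent_cds(
    answers: Dict[str, Optional[List[str]]]
) -> Optional[FrozenSet[CdsRdata]]:
    """Return the CDS RRset every nameserver agrees on, else None (take no action).

    `answers` maps each authoritative nameserver to the CDS rdata strings it
    returned, or to None if the query failed. Assumption: a failed query is
    treated as inconsistency, because agreement cannot be confirmed.
    """
    if not answers:
        return None
    rrsets = set()
    for rdatas in answers.values():
        if rdatas is None:
            return None
        rrsets.add(frozenset(parse_cds(r) for r in rdatas))  # order-independent
    return next(iter(rrsets)) if len(rrsets) == 1 else None


# Constructed sample records (algorithm 13, SHA-256 digests).
D1 = "12345 13 2 " + "ab" * 32
D2 = "54321 13 2 " + "cd" * 32
SAMPLE = {
    "agree": {"ns1.example.net.": [D1, D2], "ns2.example.net.": [D2.upper(), D1]},
    "lagging": {"ns1.example.net.": [D1, D2], "ns2.example.net.": [D1]},
    "failed": {"ns1.example.net.": [D1, D2], "ns2.example.net.": None},
}

if __name__ == "__main__":
    for name, answers in SAMPLE.items():
        result = consistent_cds(answers)
        print(name, "->", "update DS" if result else "no action")
```

The "lagging" case models a secondary that has not yet received the new record, so the parent leaves the delegation's DS RRset untouched.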