Dear DNSOP,

This revision of the draft addresses comments received from Wes, Libor, and Tim 
(changelog below).

I'm inviting the WG to take another read of the document and share your 
concerns.

In particular, please re-raise any concerns you might have voiced at a recent 
IETF meeting. Tim has listed some of those (at the bottom of [1]), but I'm not 
sure which of those are still current or considered settled by those who raised 
them.

To make sure everything is discussed with a "mail trail", please speak up. Thanks!

[1]: https://mailarchive.ietf.org/arch/msg/dnsop/pocl2z9HwySssCzEyFudg7qm7_E/
[2]: https://mailarchive.ietf.org/arch/msg/dnsop/0eZKEQDzMnkeIDV0qkgY_xT_Kmc/

Changelog:
- Moved Failure Scenarios to appendix
- New failure scenario: DS Breakage due to Replication Lag
- Point out zero overhead if nothing changed, and need to retain manual 
out-of-band interface
- Editorial changes
- Make nits tool happy

There's outstanding editorial feedback from Libor [2] which I'll address later 
this week.

Thanks,
Peter


On 6/26/23 09:43, internet-dra...@ietf.org wrote:

A New Internet-Draft is available from the on-line Internet-Drafts
directories. This Internet-Draft is a work item of the Domain Name System
Operations (DNSOP) WG of the IETF.

    Title           : Consistency for CDS/CDNSKEY and CSYNC is Mandatory
    Author          : Peter Thomassen
    Filename        : draft-ietf-dnsop-cds-consistency-01.txt
    Pages           : 11
    Date            : 2023-06-26

Abstract:
    Maintenance of DNS delegations requires occasional changes of the DS
    and NS record sets on the parent side of the delegation.  RFC 7344
    automates this for DS records by having the child publish CDS and/or
    CDNSKEY records which hold the prospective DS parameters.  Similarly,
    RFC 7477 specifies CSYNC records to indicate a desired update of the
    delegation's NS (and glue) records.  Parent-side entities (e.g.
    Registries, Registrars) typically discover these records by querying
    them from the child, and then use them to update the delegation's DS
    RRset accordingly.

    This document specifies that when performing such queries, parent-
    side entities MUST ensure that updates triggered via CDS/CDNSKEY and
    CSYNC records are consistent across the child's authoritative
    nameservers, before taking any action based on these records.

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-dnsop-cds-consistency/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-dnsop-cds-consistency-01.html

A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-dnsop-cds-consistency-01

Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts


_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

--
Like our community service? 💛
Please consider donating at

https://desec.io/

deSEC e.V.
Kyffhäuserstr. 5
10781 Berlin
Germany

Vorstandsvorsitz: Nils Wisiol
Registergericht: AG Berlin (Charlottenburg) VR 37525
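
The consistency requirement stated in the abstract, and the "DS Breakage due to Replication Lag" scenario from the changelog, as an added example that is not part of the original message or of the draft. The function names, the nameserver names and the CDS values are constructed for illustration, and treating an unanswered query like a mismatch is an assumption of this sketch, not a quote from the draft.

```python
def normalize(rrset):
    """Canonical view of a CDS RRset: order-, case- and whitespace-insensitive."""
    return frozenset(" ".join(rr.split()).upper() for rr in rrset)

def cds_consistent(responses):
    """responses maps nameserver -> list of CDS rdata strings, or None when the
    query failed. Returns (ok, reason).
    Sketch assumption: a nameserver without an answer blocks the update."""
    if not responses:
        return False, "no nameservers queried"
    failed = sorted(ns for ns, rr in responses.items() if rr is None)
    if failed:
        return False, "no answer from " + ", ".join(failed)
    views = {}
    for ns, rrset in responses.items():
        views.setdefault(normalize(rrset), []).append(ns)
    if len(views) > 1:
        groups = sorted(sorted(g) for g in views.values())
        return False, "inconsistent CDS: " + " vs ".join("/".join(g) for g in groups)
    return True, "consistent"

def next_ds(current_ds, responses):
    """DS RRset the parent should hold after this scan (hypothetical helper).
    The delegation is only touched when every nameserver agrees."""
    ok, _ = cds_consistent(responses)
    if not ok:
        return normalize(current_ds)
    (agreed,) = {normalize(rr) for rr in responses.values()}
    # Sketch assumption: an empty CDS RRset means there is nothing to act on.
    return agreed if agreed else normalize(current_ds)

# Constructed sample data: key tags and digests are placeholders, not real keys.
OLD = "12345 13 2 " + "AA" * 32
NEW = "54321 13 2 " + "BB" * 32

# Replication lag: ns1 already serves the new CDS, ns2 still serves the old one.
LAGGING = {"ns1.example.": [NEW], "ns2.example.": [OLD]}
SYNCED = {"ns1.example.": [NEW], "ns2.example.": [NEW]}

if __name__ == "__main__":
    for label, scan in (("lagging", LAGGING), ("synced", SYNCED)):
        print(label, cds_consistent(scan), sorted(next_ds([OLD], scan)))
```

A parent that acted on the answer from ns1 alone in the lagging case would install a DS that the zone data still served by ns2 may not match; the gate leaves the delegation untouched until both nameservers agree.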
