This is a nit, but an important one. The draft uses IP addresses that are not from the EXAMPLE-NET (and friends). Also I would suggest to use example IPv6 addresses (AAAA) in the draft instead of the Legacy IP addresses (A) (e.g. RFC 3849).
Please don't do that, 100.1.1.1 belongs to Verizon Business and 200.1.1.1 is Corporacion Andina de Fomento. Thanks, Ondrej -- Ondřej Surý (He/Him) [email protected] My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. > On 2. 7. 2024, at 23:47, Davey Song <[email protected]> wrote: > > Hi folks, > > I noticed the momentum on DNS load balancing and NS selection topics. Our > co-authors have just compiled a draft summarizing the research findings and > best practices in this field, and made some recommendations for developers on > secure and robust NS selection algorithms. Comments are welcome. > > Davey > ---------- Forwarded message --------- > From: <[email protected]> > Date: Wed, Jul 3, 2024 at 2:19 PM > Subject: I-D Action: draft-zhang-dnsop-ns-selection-00.txt > To: <[email protected]> > > > Internet-Draft draft-zhang-dnsop-ns-selection-00.txt is now available. > > Title: Secure Nameserver Selection Algorithm for DNS Resolvers > Authors: Fenglu Zhang > Baojun Liu > Linjian Song > Shumon Huque > Name: draft-zhang-dnsop-ns-selection-00.txt > Pages: 18 > Dates: 2024-07-02 > > Abstract: > > Nameserver selection algorithms employed by DNS resolvers are not > currently standardized in the DNS protocol, and this has lead to > variation in the methods being used by implementations in the field. > Recent research has shown that some of these implementations suffer > from significant security vulnerabilities. This document provides an > in-depth analysis of nameserver selection utilized by mainstream DNS > software and summarizes uncovered vulnerabilities. Furthermore, it > provides recommendations to defend against these security and > availability risks. Designers and operators of recursive resolvers > can adopt these recommendations to improve the security and stability > of the DNS. > > The IETF datatracker status page for this Internet-Draft is: > https://datatracker.ietf.org/doc/draft-zhang-dnsop-ns-selection/ > > There is also an HTMLized version available at: > https://datatracker.ietf.org/doc/html/draft-zhang-dnsop-ns-selection-00 > > Internet-Drafts are also available by rsync at: > rsync.ietf.org::internet-drafts > > > _______________________________________________ > I-D-Announce mailing list -- [email protected] > To unsubscribe send an email to [email protected] > _______________________________________________ > DNSOP mailing list -- [email protected] > To unsubscribe send an email to [email protected] _______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
