I agree. This draft could be summarised as "if you manually configure the servers for a zone, then you can be immune to whatever attacks may happen on the resolution process that would normally lead to those servers".

It seems appropriate as a guide or documentation on static-stub zones, but not as an RFC.

(I disagree with some points on sections 3, 4 and 7, but per above, it's probably not worth debating them)

On 2026-01-18 at 15:00 +0100, Ondřej Surý wrote:
> Hi,
>
> I don't understand the purpose of this document and why it should be
> an Internet Standard.
>
> The document describes static-stub in BIND 9 and Unbound and doesn't
> seem to bring anything new to the table. I might have missed
> something, but I don't see a reason why this needs to be an
> Informational RFC.
>
> Ondrej
> --
> Ondřej Surý (He/Him)
> [email protected]
>
> > On 14. 1. 2026, at 9:13, 张宾 <[email protected]> wrote:
> >
> > Dear Chairman,
> >
> > My name is Bin Zhang. Our team recently submitted one
> > Internet-Draft.
> >
> > This draft provides a technique for querying the designated
> > authoritative server directly on the recursive server at the
> > enterprise level.
> >
> > The goal of this draft is to help implementers of some
> > enterprises make their resolvers more secure.
> >
> > • Link: draft-zhang-dnsop-zb-01 - A Technique for Querying the
> > Designated Authoritative Server Directly on the Recursive Server at
> > the Enterprise Level
> >
> > We believe these drafts fill important gaps in DNS security. We
> > will attend IETF 125 in Shenzhen and look forward to discussing
> > these topics with the working group.
> >
> > We welcome any feedback on the mailing list.
> >
> > Best regards,
> > Bin Zhang
> > Pengcheng Lab
> >
> > _______________________________________________
> > DNSOP mailing list -- [email protected]
> > To unsubscribe send an email to [email protected]
