Hi, we’ve been working on making BIND 9 to use parent-centric delegations and I thought It would be useful to turn this into an Internet-Draft. This was also kind of experiment whether LLM can create something useful if you feed it all the important data and know your subject. The result had been manually curated, I did spent some time reading and updating the document.
I believe this doesn’t infringe Akamai/Nominum patent, but I’ve added a note about the IPR filled against https://datatracker.ietf.org/doc/draft-fujiwara-dnsop-resolver-update/ anyway, as I believe it is better to be transparent about this. That said, I don’t have any lawyer hats nor patent lawyer hats in my closet. I do have all the intermediate results available, so if you are interested send me a private message, I will not post this onto the mailing list. Cheers, Ondrej, with just BIND 9 hat this time > Begin forwarded message: > > From: [email protected] > Subject: New Version Notification for > draft-sury-dnsop-parent-centric-resolver-01.txt > Date: 16 March 2026 at 15:04:24 GMT+8 > To: "Ondřej Surý" <[email protected]>, "Colin Vidal" <[email protected]>, "Evan > Hunt" <[email protected]>, "Ondrej Sury" <[email protected]> > > A new version of Internet-Draft > draft-sury-dnsop-parent-centric-resolver-01.txt has been successfully > submitted by Ondřej Surý and posted to the > IETF repository. > > Name: draft-sury-dnsop-parent-centric-resolver > Revision: 01 > Title: Parent-Centric Delegation Handling in DNS Resolvers > Date: 2026-03-16 > Group: Individual Submission > Pages: 24 > URL: > https://www.ietf.org/archive/id/draft-sury-dnsop-parent-centric-resolver-01.txt > Status: > https://datatracker.ietf.org/doc/draft-sury-dnsop-parent-centric-resolver/ > HTML: > https://www.ietf.org/archive/id/draft-sury-dnsop-parent-centric-resolver-01.html > HTMLized: > https://datatracker.ietf.org/doc/html/draft-sury-dnsop-parent-centric-resolver > Diff: > https://author-tools.ietf.org/iddiff?url2=draft-sury-dnsop-parent-centric-resolver-01 > > Abstract: > > This document specifies a parent-centric behavioral model for DNS > recursive resolvers, in which delegation decisions are always based > on the NS RRset (or DELEG RRset) received from the parent side of a > zone cut and are never overwritten by child-side NS data. > > The parent-centric model eliminates the "two sources of truth" > problem inherent in the current DNS delegation design, closes the > Ghost Domain and Phoenix Domain attack vectors, provides > deterministic behavior in the presence of parent/child NS mismatches, > and enables resolvers to safely accept sibling (out-of-bailiwick) > glue by scoping delegation information to individual zone cuts. It > also provides the behavioral foundation required for deployment of > the DELEG extensible delegation mechanism. > > This document updates RFC 1034 and RFC 1035. > > > > The IETF Secretariat > >
_______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
