Thanks for this very clear overview. I largely agree with the descriptions and conclusions.
Nit: The last paragraph of Section 2.3 seems to have some grammar problems. On Mon, Jun 1, 2026, 6:18 PM Wes Hardaker <[email protected]> wrote: > > > > In the last DNSOP meeting we held two discussions about different > approaches to serving the root zone from DNS resolvers. The ensuing > discussion centered on "why something like LocalRoot / RootCache > technologies might be a good thing" and the discussion participants > specifically wanted to see what benefits LocalRoot / RootCache > technologies were providing that differed from existing technologies. > So I set out to produce a document showing the differences in > functionality brought to various problems by the following protocol > extensions when communicating with the root server system: > > - QName Minimization > - Aggressive NSEC > - Encrypted and Authenticated DNS > - Serve Stale > - DNSSEC > - LocalRoot > > [note: This is not so much a "versus" list as comparison, but the > subject line was shorter using "vs"] > > The first document below (draft-hardaker-dnsop-rss-usage-considerations) > has the complete write up. I'm sure it's not complete and other people > may have opinions (I hope). I don't necessarily think it needs to be > published in the long run, but is written as an IETF draft as that's > what we're all used to reading. > > If you just want a summary, here's the table from the end of it. > Obviously, I suggest you read the draft instead (it's short). > > > |---------------|-----------|------------|-----------|-------------|--------|-----------| > | | QName-Min | Aggr.-NSEC | Encr/Auth | Serve-Stale | > DNSSEC | LocalRoot | > > |---------------|-----------|------------|-----------|-------------|--------|-----------| > | Privacy | Signif | Signif | Moderate | | > | Complete | > | Disconnection | | | | Signif | > | Complete* | > | Auth Prot | | | Complete | | > Signif | Complete | > | Non-auth Prot | | | Complete | | > Signif | Complete | > | Bit Flipping | | | Signif | | > Signif | Signif | > | Latency | | Signif | | | > | Complete | > > |---------------|-----------|------------|-----------|-------------|--------|-----------| > > [Signif = "Significant"] > > > Technology comparisons: > - > https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft-hardaker-dnsop-rss-usage-considerations/__;!!Bt8RZUm9aw!_LYHDF5Mpldr8mTykxHt26pFZfIi7p0_qNED6icZ5uPNre7047bsd_4TqLOmdYWPqZylRKtVPT1J2Q$ > > LocalRoot specific documents: > - > https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft-wkumari-dnsop-localroot-bcp/__;!!Bt8RZUm9aw!_LYHDF5Mpldr8mTykxHt26pFZfIi7p0_qNED6icZ5uPNre7047bsd_4TqLOmdYWPqZylRKtOO067qw$ > - > https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft-hardaker-dnsop-dns-xfr-scheme/__;!!Bt8RZUm9aw!_LYHDF5Mpldr8mTykxHt26pFZfIi7p0_qNED6icZ5uPNre7047bsd_4TqLOmdYWPqZylRKs3Rbs4jg$ > - > https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft-hardaker-dnsop-root-zone-publication-points/__;!!Bt8RZUm9aw!_LYHDF5Mpldr8mTykxHt26pFZfIi7p0_qNED6icZ5uPNre7047bsd_4TqLOmdYWPqZylRKvcYVD7LQ$ > - > https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft-hardaker-dnsop-root-zone-pub-list-guidelines/__;!!Bt8RZUm9aw!_LYHDF5Mpldr8mTykxHt26pFZfIi7p0_qNED6icZ5uPNre7047bsd_4TqLOmdYWPqZylRKsT4u0g3w$ > > > -- > Wes Hardaker > Google > > _______________________________________________ > DNSOP mailing list -- [email protected] > To unsubscribe send an email to [email protected] >
_______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
