Hi Wes, This is a useful draft, thanks very much.
Is it the case that this is from the perspective of a network operator running the resolver, where the network operator could be an organisation running its own network and resolvers? If so it might be worth stating this in the introduction. Thanks, Jim On 2026-06-01, 23:18, "Wes Hardaker" <[email protected]> wrote: !-------------------------------------------------------------------| This Message Is From an External Sender This message came from outside your organization. |-------------------------------------------------------------------! In the last DNSOP meeting we held two discussions about different approaches to serving the root zone from DNS resolvers. The ensuing discussion centered on "why something like LocalRoot / RootCache technologies might be a good thing" and the discussion participants specifically wanted to see what benefits LocalRoot / RootCache technologies were providing that differed from existing technologies. So I set out to produce a document showing the differences in functionality brought to various problems by the following protocol extensions when communicating with the root server system: - QName Minimization - Aggressive NSEC - Encrypted and Authenticated DNS - Serve Stale - DNSSEC - LocalRoot [note: This is not so much a "versus" list as comparison, but the subject line was shorter using "vs"] The first document below (draft-hardaker-dnsop-rss-usage-considerations) has the complete write up. I'm sure it's not complete and other people may have opinions (I hope). I don't necessarily think it needs to be published in the long run, but is written as an IETF draft as that's what we're all used to reading. If you just want a summary, here's the table from the end of it. Obviously, I suggest you read the draft instead (it's short). |---------------|-----------|------------|-----------|-------------|--------|-----------| | | QName-Min | Aggr.-NSEC | Encr/Auth | Serve-Stale | DNSSEC | LocalRoot | |---------------|-----------|------------|-----------|-------------|--------|-----------| | Privacy | Signif | Signif | Moderate | | | Complete | | Disconnection | | | | Signif | | Complete* | | Auth Prot | | | Complete | | Signif | Complete | | Non-auth Prot | | | Complete | | Signif | Complete | | Bit Flipping | | | Signif | | Signif | Signif | | Latency | | Signif | | | | Complete | |---------------|-----------|------------|-----------|-------------|--------|-----------| [Signif = "Significant"] Technology comparisons: - https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft-hardaker-dnsop-rss-usage-considerations/__;!!JYsgTRAg6ZQ!NgnZTFptMQxV9BLLMW4sUfrFDbeHGCqIa_q705KYP9ChJpdLE4owRCO4Ie3PuJE3Mhx35sD5Rcvcpba6Q2Kb$ LocalRoot specific documents: - https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft-wkumari-dnsop-localroot-bcp/__;!!JYsgTRAg6ZQ!NgnZTFptMQxV9BLLMW4sUfrFDbeHGCqIa_q705KYP9ChJpdLE4owRCO4Ie3PuJE3Mhx35sD5RcvcpdjBO4vk$ - https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft-hardaker-dnsop-dns-xfr-scheme/__;!!JYsgTRAg6ZQ!NgnZTFptMQxV9BLLMW4sUfrFDbeHGCqIa_q705KYP9ChJpdLE4owRCO4Ie3PuJE3Mhx35sD5RcvcpVWthVrq$ - https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft-hardaker-dnsop-root-zone-publication-points/__;!!JYsgTRAg6ZQ!NgnZTFptMQxV9BLLMW4sUfrFDbeHGCqIa_q705KYP9ChJpdLE4owRCO4Ie3PuJE3Mhx35sD5RcvcpeLdNgy2$ - https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft-hardaker-dnsop-root-zone-pub-list-guidelines/__;!!JYsgTRAg6ZQ!NgnZTFptMQxV9BLLMW4sUfrFDbeHGCqIa_q705KYP9ChJpdLE4owRCO4Ie3PuJE3Mhx35sD5RcvcpUlnSAcr$ -- Wes Hardaker Google _______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
_______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
