Hi,
A couple of notes taken on a flight, on draft-fujiwara-dnsop-bad-dns-auth-02 and draft-fujiwara-dnsop-dns-transport-issue-00.
There are a number of issues in the text and spec (just one detail: in dns-auth-02, if the authoritative DNS server admins ensure that there aren't RRsets which would result in the use of TCP, maybe it doesn't need to be enabled?).
However, the bigger issue is IMHO that the documents are not sufficiently clear and focused:
- what are the real problems?
- what are the drafts intending to do about it? (if I had to guess, I'd guess that they intend to make recommendations and implementation requirements for DNS servers and DNS server administrators)
Doing this might make sense, but based on these two, I'm not yet seeing the "big picture": what kind of advice or specification we need to tell and to whom -- and what is the right place to do that.
As it is, currently these seem to be a rather unfocused list of issues and some recommendations, without any clear structure or "high level" perspective.
--
Pekka Savola
Netcore Oy
Systems. Networks. Security.
"You each name yourselves king, yet the kingdom bleeds."
-- George R.R. Martin: A Clash of Kings
