Re: [DNSOP] kskroll-sentinel responses

2018-01-03 Thread Paul Hoffman
On 3 Jan 2018, at 1:11, Ray Bellis wrote: On 02/01/2018 23:37, Paul Hoffman wrote: This answer doesn't seem to fully address Robert's and Ray's questions. Why use an A/ query if you aren't going to do anything with the result? If you are going to use A/, you have to tell resolvers

Re: [DNSOP] kskroll-sentinel responses

2018-01-03 Thread Ray Bellis
On 02/01/2018 23:37, Paul Hoffman wrote: > This answer doesn't seem to fully address Robert's and Ray's questions. > Why use an A/ query if you aren't going to do anything with the > result? If you are going to use A/, you have to tell resolvers what > to return in the results. Using a

Re: [DNSOP] kskroll-sentinel responses

2018-01-02 Thread Geoff Huston
> On 3 Jan 2018, at 1:33 pm, Geoff Huston wrote: > >> This answer doesn't seem to fully address Robert's and Ray's questions. Why >> use an A/ query if you aren't going to do anything with the result? If >> you are going to use A/, you have to tell resolvers what to

Re: [DNSOP] kskroll-sentinel responses

2018-01-02 Thread Geoff Huston
> This answer doesn't seem to fully address Robert's and Ray's questions. Why > use an A/ query if you aren't going to do anything with the result? If > you are going to use A/, you have to tell resolvers what to return in the > results. Using a new RRtype would have clearer semantics.

Re: [DNSOP] kskroll-sentinel responses

2018-01-02 Thread Paul Hoffman
On 23 Dec 2017, at 11:59, Geoff Huston wrote: On 22 Dec 2017, at 8:44 am, Ray Bellis wrote: On 21/12/2017 15:36, Robert Story wrote: I reread the draft today, and noticed that two things aren't specified. The first is the contents of the A/ RRSET returned, and the

Re: [DNSOP] kskroll-sentinel responses

2017-12-23 Thread Paul Hoffman
On 23 Dec 2017, at 11:59, Geoff Huston wrote: In situations where a client may have multiple resolvers in their local /etc/resolv.conf configuration, and recursive resolvers may themselves /use forwarders, it is not immediately obvious which resolver generated the response, so I’m unsure of

Re: [DNSOP] kskroll-sentinel responses

2017-12-23 Thread Geoff Huston
> On 22 Dec 2017, at 8:44 am, Ray Bellis wrote: > > > > On 21/12/2017 15:36, Robert Story wrote: >> I reread the draft today, and noticed that two things aren't specified. >> The first is the contents of the A/ RRSET returned, and the second >> is the TTL for the

Re: [DNSOP] kskroll-sentinel responses

2017-12-21 Thread Ray Bellis
On 21/12/2017 15:36, Robert Story wrote: > I reread the draft today, and noticed that two things aren't specified. > The first is the contents of the A/ RRSET returned, and the second > is the TTL for the records. > > Maybe the A/ record values could be used to return additional >

[DNSOP] kskroll-sentinel responses

2017-12-21 Thread Robert Story
I reread the draft today, and noticed that two things aren't specified. The first is the contents of the A/ RRSET returned, and the second is the TTL for the records. Maybe the A/ record values could be used to return additional details? For example, whether or not the key is part of