
[DNSOP] draft-ietf-dnsop-resolver-priming-01

Matthijs Mekking <matthijs at NLnetLabs.nl>
Wed, 17 Sep 2008 10:05:10 +0200


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I have read this draft and have some small comments.

First of all, is this draft about priming the NS RRset only, or should
it also consider priming trust anchors? You mention priming queries
from the dnsop-dnssec-trust-anchor draft, but you don't cover these
kinds of priming queries. If this draft is about priming NS queries
only, you should make this more clear. By the way, a nit: it is not
common to refer to a document that is under revision.

In the introduction you show that the text in section 5.3.3 of RFC 1034
is out of date. Should this document update the RFC?

About 2.1. Target Selection: Can you include a reason why a resolver
MUST select the target randomly and with even probability? I guess it
makes guessing attacks harder or divides the load nicely between all
root servers. I am just curious what the reason is that resolvers *MUST*
do this.

About 2.3. Repeating Priming Queries: Again, what are the reasons for
these parameters? Is 75% of the TTL always more than 24 hours?

I think this draft is helpful and I think it would be helpful to include
parameters of priming trust anchor queries.

Regards,

Matthijs
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFI0Lo2IXqNzxRs6egRAtGyAJ9OKCmXpfZjS7UUnP8FOQO4bAGl/gCgjm8Z
wmuIzG83qK4uIo9xBuw4iH4=
=MP37
-----END PGP SIGNATURE-----
_________________________________________________________
DNSOP mailing list
DNSOP at ietf.org
https://www.ietf.org/mailman/listinfo/dnsop