Hi Roy!

On 8 July 2014 at 7:40:22, Roy Arends (r...@dnss.ec) wrote:
> I really like this idea. Many ISPs already do this, (including some high
> profile public recursives, like Google and OpenDNS), because it simply
> makes sense: It reduces latency for the end user, reduces outbound traffic
> overhead, eliminates an attack vector.
>
> This specific document shouldn’t be a discussion point at all. Folks are
> doing this right now. What we need is a BCP that describes: IFF you are
> going to do it, here is how.

As I discussed with Warren back when he was still at the pre-typing, thinking stage on this draft, I agree with you. I think documenting the trade-offs and giving advice to people who have decided to slave the root themselves is valuable. (I proposed something like "slaving-root-considered-harmful" in my review last week, which with hindsight was a bit hysterical.) I like the idea of writing a document that describes how, with current code and in the current operational landscape, people could do this.

The document under discussion specifies protocol-level changes for resolvers, however, and goes further than simply providing analysis and recommendations about how people could make sure they don't shoot themselves in the foot.

Perhaps a way forward here is to rein in the current effort and constrain it to the best way of using a local copy of the root zone on a resolver today, with no protocol or specification changes to resolvers. Once we've identified the best such configuration and have identified any operational concerns with it, we will be in a much better position to consider changes to the resolver spec and/or new root zone distribution mechanisms to make it better.

Joe

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop