Hi Roy!

On 8 July 2014 at 7:40:22, Roy Arends (r...@dnss.ec) wrote:

> I really like this idea. Many ISPs already do this (including some high
> profile public recursives, like Google and OpenDNS), because it simply
> makes sense: It reduces latency for the end user, reduces outbound traffic
> overhead, eliminates an attack vector.
>
> This specific document shouldn’t be a discussion point at all. Folks are
> doing this right now. What we need is a BCP that describes: IFF you are
> going to do it, here is how.

As I discussed with Warren back when he was still at the pre-typing, thinking 
stage on this draft, I agree with you. I think documenting the trade-offs and 
giving advice to people who have decided to slave the root themselves is 
valuable. (I proposed something like "slaving-root-considered-harmful" in my 
review last week, which with hindsight was a bit hysterical.) I like the idea of 
writing a document that describes how, with current code and in the current 
operational landscape, people could do this.

The document under discussion specifies protocol-level changes for resolvers, 
however, and goes further than simply providing analysis and recommendations 
about how people could make sure they don't shoot themselves in the foot.

Perhaps a way forward here is to rein in the current effort and constrain it 
to the best way of using a local copy of the root zone on a resolver today, 
with no protocol or specification changes to resolvers. Once we've identified 
the best such configuration and have identified any operational concerns with 
it, we will be in a much better position to consider changes to the resolver 
spec and/or new root zone distribution mechanisms to make it better.


Joe

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
