On Jul 8, 2014, at 9:00 AM, Patrik Fältström <p...@frobbit.se> wrote:
> Note that I only listed a handful of issues I immediately think of that I
> think need to be compared and evaluated. Like Suzanne wrote. In some cases
> there is no difference between an auth server and cache, in other cases there
> might be.

Section 4 of our draft lists two very distinct possibilities for how the validating recursive resolver responds to cached information about the root: continue to act like a cache (do not set the AA bit), or as an authoritative slave (turn on the AA bit for answers for root zone info).

It sounds like you are only considering the second possibility, and that you consider that risky. If so, instead of attacking the entire draft, maybe just attack that one possible choice. If others agree with you, then that second option can be removed.

I simply do not see how a validating recursive resolver that pulls in the entire root zone and validates it before putting it in the cache, and then responds exactly as if it had queried each record in the root, has any of the issues you are hammering on, particularly the "political" ones.

--Paul Hoffman