-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 11/16/14 1:45 PM, Tim Wicinski wrote: | | This starts a Call for Adoption for | draft-wkumari-dnsop-root-loopback
I have read the draft, I support its adoption, and I will review and contribute text as necessary. It should come as no surprise that I'm in support, as I've been advocating slaving the root zone locally since 2001. :) The one flaw I see in the draft is that the configuration it recommends is needlessly complex. Where possible (such as for BIND) slaving the zone in the resolver instance gives a lot of benefits, and few drawbacks. Before commenting further I'd love the authors to flesh out their reasoning for not simply slaving the zone where possible. There is currently some mumbling about the resolver not handing out AA, but no reasoning as to why that is a problem. I've read the threads on the original draft, and on this one, and there was some good discussion of pros and cons there, I'd like to see some of that discussion in the text. (And yes, I'm aware that one of the primary motivators is DNSSEC, but the only thing in the root that we care about are the DS records, and a validating resolver is going to chase those up to its trust anchor anyway.) Doug -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJUaS96AAoJEFzGhvEaGryEOf8IALMQEt2gg3SUuJs8VKSz5w40 lcrooyF+NUrqS3+uWdlzIddHsm2fqluXV25QNiRDySn7J/We/dsokBr8RxH7nqLc aSupz/domI7uTaPD/hz7LR/5HNf/7vCfUrlhlWn9FoboZQy7FeOqFr8HQrGSEKw1 IsXCCHK23U9QEQM16I96kBCUO+JSM+w1ACqKaSo3qJMxG37fAAzPSga0X6UeLlaJ +amLZzWu5I2QrbhqQNYeFm4t5jDg2wi8NrS8u5IxDSWRUEWrNnz9lO4UpjOl8gjo EQS+T618nUeLBawFxMNmcrFMU4SS6654oD0ttXGN+hbxoXBAVRJMHCuGMlXMcik= =hAqD -----END PGP SIGNATURE----- _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
