[I am not a big fan of the idea, because I see it as useful mostly for big public resolvers and I am not a big fan of big public resolvers.]

Section 1:

1) "The motivation for a user to configure such a Centralized Resolver varies but is usually because of some enhanced experience, such as greater cache security or applying policies regarding where users may connect."

OK, but the draft should also mention the cons of centralized resolvers, such as the privacy risks and the security risks in the first kilometer (which is many kilometers long).

Section 6.3:

2) "implementing full caching support as described in this section is STRONGLY RECOMMENDED."

STRONGLY is not in RFC 2119 and therefore should not be in uppercase.

Section 10.1:

3) "Users who wish their full IP address to be hidden can include an edns-client-subnet option specifying the wildcard address 0.0.0.0/0"

This makes the entire mechanism opt-out rather than opt-in. Not ideal for privacy. It should at least be explained why.

Section 12:

4) "1. A stub resolver SR with IP address 192.0.2.37 tries to resolve www.example.com, by forwarding the query to the Recursive Resolver R from IP address IP, asking for recursion."

R should be RNS, as used later.