On Fri, Apr 17, 2015 at 06:48:29AM -0400, Tim Wicinski <tjw.i...@gmail.com> wrote a message of 30 lines which said:

> Please review the draft and offer relevant comments. Remember: This
> draft is not attempting to redefine any definitions, but to collect
> and formalize the definitions which do exist.
>
> Because of the nature of the WGLC, we're making this a three week
> window. The working group last call will end on Friday May 8th.

IMHO, the text can NOT be published with its definition of Forwarder. The definition of Forwarder is still both confused and self-contradictory. For instance, the current text says that the forwarder "sends on the resulting query (usually to a recursive resolver)" and later that "The forwarder typically either has better access to the internet, or maintains a bigger cache which may be shared amongst many resolvers". If it has better access, why does it send to another recursive resolver? It really seems the current definition mixes the downstream forwarder and the upstream resolver.

My proposal:

Forwarder -- A DNS resolver that receives a DNS query from another resolver, sends it (usually to authoritative name servers), and returns the resulting response to the source of the query. Section 1 of [RFC2308] describes a forwarder as "a nameserver used to resolve queries instead of directly using the authoritative nameserver chain". [RFC2308] further says "The forwarder typically either has better access to the internet, or maintains a bigger cache which may be shared amongst many resolvers."

I also suggest deleting the entry "Open forwarder", which has the same issues.

Other remarks which are not, in my opinion, blocking for the publication:

> Public suffix

Two small text additions.

1) cite "DNS Administrative Boundaries Problem Statement" draft-sullivan-dbound-problem-statement

2) "Note there is zero indication, in the domain name, that it is a public suffix or not. It can only be learned from outside means."

> Non-consensual policy-implementing resolver [...] The difference
> between this and a consensual policy-implementing resolver is that
> users of this resolver are not expected to know that there is a
> policy to change the answers it returns.

Dangerous legal and political issues here. If Joe Sysadmin configures the DHCP server to tell the users' machines to use 192.0.2.53 and this resolver rewrites answers, can we honestly say that the users "are expected to know"? Technically, there is no difference between Consensual policy-implementing resolver and Non-consensual policy-implementing resolver and I would merge the definitions.

> Passive DNS -- A mechanism to collect large amounts of DNS data by
> storing queries and responses from recursive servers.

Most passive DNS services collect only the responses, which is good for privacy.
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
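The passive DNS remark above (collecting only responses, so no client-side query data is retained) as an added example that is not part of the original message or of the draft: a minimal wire-format parser that discards any message with QR=0 and extracts (owner, type, rdata) from the answer section of responses, handling name compression. The sample query and response bytes are constructed for the example.

```python
import struct
from typing import List, Tuple

# Constructed sample messages: a query for example.com/A (QR=0) and the
# matching response (QR=1) whose answer owner uses a compression pointer.
QUERY = bytes.fromhex(
    "1234" "0100" "0001" "0000" "0000" "0000"
    "076578616d706c6503636f6d00" "0001" "0001"
)
RESPONSE = bytes.fromhex(
    "1234" "8180" "0001" "0001" "0000" "0000"
    "076578616d706c6503636f6d00" "0001" "0001"
    "c00c" "0001" "0001" "00000e10" "0004" "c0000201"
)

def read_name(msg: bytes, off: int) -> Tuple[str, int]:
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, jumped, end = [], False, off
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:            # 11xxxxxx: compression pointer
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:                   # only the first jump sets the end
                end = off + 2
            jumped, off = True, ptr
            continue
        off += 1
        if length == 0:                      # root label terminates the name
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    if not jumped:
        end = off
    return ".".join(labels), end

def passive_records(msg: bytes) -> List[Tuple[str, int, bytes]]:
    """Return (owner, rrtype, rdata) per answer RR; queries yield nothing."""
    _, flags, qd, an, _, _ = struct.unpack("!6H", msg[:12])
    if not flags & 0x8000:                   # QR bit clear: a query, not stored
        return []
    off = 12
    for _ in range(qd):                      # skip the question section
        _, off = read_name(msg, off)
        off += 4                             # QTYPE + QCLASS
    out = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rrtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        out.append((name, rrtype, msg[off:off + rdlen]))
        off += rdlen
    return out
```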