----- Original Message ----- > From: "神明達哉" <jin...@wide.ad.jp> > To: "Ondřej Surý" <ondrej.s...@nic.cz> > Cc: "Stephane Bortzmeyer" <bortzme...@nic.fr>, "Bob Harold" > <rharo...@umich.edu>, "dnsop" <dnsop@ietf.org> > Sent: Tuesday, 15 November, 2016 03:40:56 > Subject: Re: [DNSOP] draft-fujiwara-dnsop-resolver-update-00
> At Tue, 15 Nov 2016 03:12:43 +0100 (CET), > Ondřej Surý <ondrej.s...@nic.cz> wrote: > >> > Yes, it is. Otherwise, what would be the point of using the NS in the >> > parent instead of the authoritative one? >> >> Let me rephrase it, the assumption here is that parent NS are: >> "as good as they get to resolve the names underneath", and that >> doesn't mean they are necessarily more or less "correct" than >> child NS. > > I'm not sure how you can be so sure about the author's assumption when > the draft itself doesn't explicitly clarify the assumption (maybe > based on an off-list conversation with Fujiwara-san?), but if that's > actually the assumption, the current draft text is IMO so confusing > and misleading. In that sense I'm with Bob and Stephan, and the draft > should be much clearer on the assumption. > > And IMO, with the assumption *corrected*, the draft's recommendation > becomes even less convincing to me. True, those are my assumptions about the draft based on the real world experiences about the general mess that DNS usually is and experiences with implementing a DNSSEC-validating resolver that has to cope with such mess. Therefore my view is that the resolvers cannot make any assumptions that anything in the DNS is *correct*, but only that it's as good as it gets and try hard to fulfill the original query. I generally think that we should improve the DNS if the overall outcome will be a better protocol (in any of stability, determinism, reliability, resilience, add your own...) even if it attacks or changes the existing paradigms without breaking existing deployments (to a limit). Cheers, -- Ondřej Surý -- Technical Fellow -------------------------------------------- CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC Milesovska 5, 130 00 Praha 3, Czech Republic mailto:ondrej.s...@nic.cz https://nic.cz/ -------------------------------------------- _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
