On Jun 29, 2019, at 2:22 PM, Ralf Weber <d...@fl1ger.de> wrote:
>
> Couple of questions/remarks that may have been asked/answered (but are not
> discussed in the draft thus I’m asking).
>
> - The draft offers two methods of retrieving the object but says nothing
> about which is mandatory (Me being a lazy DNS geek will certainly not put a
> web server on my DNS server so won’t implement 3). Will it still work? Why?

Neither is mandatory: both are optional. That is, we cannot force a resolver to give information about itself, nor can we force it to do something abnormal for a resolver (be authoritative for a new type of query or run a web server).

> - In section 3 there is the mention of the DOMAINNAMEOFRESOLVER. I have no
> idea how any API/Interface for DNS resolvers offers the ability to enter a
> name. So where does it come from? If there is no such thing should we not
> remove it from the draft.

The name doesn't need to be in the config of the DNS part of the resolver: it would only appear in the TLS part, just as it does in every web server that supports TLS.

> - The biggest issue IMHO are RFC1918 and IPv6 link local addresses as these
> are mostly used in homes for DNS resolver addresses. This means that the CPE
> - who usually is a DNS Forwarder has to answer (and understand) this query
> and either forward or answer by himself. DNS Proxies might not implement
> RFC3597.

If a resolver of any type can't be configured to give the information here, it just won't.

> Should there be a fallback (TXT)?

I'm not sure how that would help if it can't be configured due to address issues.

--Paul Hoffman

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop