If I (insanely) ran a totally manual, out-of-band process to periodically canvass the space and injected the knowns into the model of "root" for my resolver, would I be able to say I am primed?
I am trying to get to the point that the "how" part is only exemplary, explanatory. The requirement is that you have the information, not how you get it or how it comes into your resolver. The distinction between shipped states of the root.hints and the actual live mappings of the domain labels inherent in it, to addresses (if you like) I can bypass the hints file, and use SQL to update my root mapping.

I think the intent of "priming" is that you then populate the information from 'inside' DNS. But, again, it's only advisory, it's not standards enforced, is it? I can populate my continuing knowledge of the state of the DNS at the root, or anywhere else, in any mechanism I like. I could periodically FTP the zone files from places, and populate my resolver cache state from these. I could basically "never" forward DNS queries high in the tree, if I felt like making my server do that. Am I "not primed" if I do this?

(this mechanism wouldn't support authenticated denial of arbitrary labels, as an example)

-G

On Fri, Aug 7, 2020 at 12:42 AM Paul Hoffman <paul.hoff...@icann.org> wrote:
>
> On Aug 6, 2020, at 4:08 AM, Andrew McConachie <and...@depht.com> wrote:
> >
> > What does it mean for a resolver to be primed, or for a resolver to not be
> > primed? For example, is a resolver considered primed only if it has all
> > root server names and IP addresses? 50%? At least 1?
>
> Excellent questions, two that the WG can certainly consider. Note that it
> *is* two questions, the root server names and the associated addresses.
>
> From the text you quote:
>
> > Priming is the act of finding the list of root servers from a
> > configuration that lists some or all of the purported IP addresses of
> > some or all of those root servers. A recursive resolver starts with
> > no information about the root servers, and ends up with a list of
> > their names and their addresses.
>
> RFC 8109 indicates that priming means knowing the full set of names and the
> full set of addresses.
>
> > If that were true it would be impossible for the resolver to find anything.
> > It definitely starts with some information about the root servers. Maybe
> > change "no information" to "this information".
>
> This distinction is important. A resolver starts with no actual information,
> but only meta-information: where to get the actual names and addresses for
> the root server. Is there a better way to say this in the -bis document?
>
> --Paul Hoffman
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop