My 2 cents as co-author of [1,2]: We find more or less similar percentages of parent-child glue inconsistencies (5-12% of SLDs, Table 12) compared to NS inconsistencies. Therefore, I think that glue revalidation should be included in the process. Best, Raffaele
[1] https://www.caida.org/catalog/papers/2020_unresolved_issues/unresolved_issues.pdf [2] https://www.caida.org/catalog/papers/2020_when_parents_children_disagree/when_parents_children_disagree.pdf Il mar 10 ago 2021, 20:48 Shumon Huque <shu...@gmail.com> ha scritto: > On Tue, Aug 10, 2021 at 1:55 PM Paul Hoffman <paul.hoff...@icann.org> > wrote: > >> Greetings again. In the DPRIVE WG, we are discussing a proposal that >> would make encrypting transport on a first lookup more likely using a DS >> hack. Whether or not that becomes a WG item in DPRIVE, it reminded me that >> DNSOP had not finished with draft-ietf-dnsop-ns-revalidation, and that this >> draft could be expanded beyond revalidating just NS RRsets to revalidating >> all glue. >> > > Paul, > > I think that's a reasonable thing to consider (and I suspect some > resolvers may already revalidate glue), as long as it's done lazily (or in > parallel) and doesn't interpose additional delay in following a referral. > I'll await other comments .. > > But I'm trying to better understand the connection to the DS hack draft > (I've not followed it very closely, I'll admit). Does it require or benefit > from glue revalidation? Isn't the child zone owner explicitly putting its > NS name and addresses into the hacked DS record at the parent? > > Given the results of the survey and the possible cross-WG interest, I'd >> like to see draft-ietf-dnsop-ns-revalidation moved forward in DNSOP sooner >> rather than later. >> > > I'm working on the remaining loose ends and plan to push another update > soon. > > Shumon. > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop >
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
