On Thu, Oct 3, 2024 at 8:00 PM Dave Lawrence <t...@dd.org> wrote:

> I have read the most recent version of the document and am strongly in
> favor of its publication as a proposed standard.  I want my NXDOMAINs
> back.
>

Thanks! You're not the only one :)


> I have little substantive feedback on the text, mostly personal
> editorial preferences that are not worth fussing about.
>
> That said, is "lexicographic successor" defined anywhere
> handy?  Though I know what it is, perhaps it'd be helpful for
> implementers to have a reference to ... 4471 section 3.1.2?
>

That's a good suggestion - we can reference that. I think the phrase
"lexicographic successor" appeared in this draft. Maybe we can drop
the "lexicographic", or just use "DNS name successor" as used in
4471.

> Also, I'm feeling stupid, but how does this preclude RFC 8020 as said
> in the Operational Considerations section?  Are you saying it
> precludes signed NXDOMAINs from cache?  Because if I, a resolver, ask
> about bigfoot.example.com and get told "bigfoot doesn't exist, and
> here's the NXNAME to prove it", why can't I then let non-DNSSEC
> clients know that sonof.bigfoot.example.com also doesn't exist without
> asking example.com again?  Maybe that sentence needs either a
> qualification, or an explanation for folks like me.
>

This sentence was talking about DNSSEC-enabled queriers. For
non-DNSSEC clients, yes, a resolver can certainly synthesize NXDOMAIN.
We can certainly qualify this sentence as you suggest.

Note that even for DNSSEC speakers, we could construct a selective,
signaled way to do 8020 NXDOMAIN synthesis, but this requires more
complexity in resolvers. (I mentioned the possibility at IETF119/Brisbane
and had a few brief discussions about it, but sensed no appetite for it).

Shumon