On 2026-02-25 15:43 -08, Wes Hardaker <[email protected]> wrote:
> Florian Obser <[email protected]> writes:
>
>> How about this, in the main document, section 4, adding "It MUST NOT be
>> longer than...":
> [...]
>
> Change added! Thanks for the concrete suggestion.
>
>> Now, the problem with the SOA expiry value is that it gets more out of
>> whack the longer your transfer chain is.
>> It seems unlikely to me that the list from
>> draft-hardaker-dnsop-root-zone-publication-points will list the RZM's
>> distribution servers, so everything is already one hop removed from the
>> primary.
>
> FYI, the publication points will list the internic.net sources, as well
> as the {lax,iad}.icann.dns.org AXFR sources. The original version
> didn't because I had not received authorization to list them as examples
> yet, but have now. I have not asked the RZM if they wanted to be listed
> (and how and where), nor have they offered. Other sources remain to be
> seen. But the draft contains an example list, and IANA will be
> responsible for defining the real list.
>
>> 1. I think we need to mention RFC 7314 in the main document:
>> "A LocalRoot implementation SHOULD (MUST?) use RFC 7314 EDNS EXPIRE
>> Option."
>
> Add!
>
>> 2. The distribution points MUST support RFC 7314.
>
> [...]
>
> That's a good point to consider and I suspect we need to think about it
> further and discuss it.
>
> Certainly for *XFR targets 7314 should likely be implemented when possible
> on the server side. I think. But is it a mandatory requirement or not?
> That I'm less convinced by.
>
>> 3. Figure out what to do about http / CDNs. I suppose we could use the
>> "last-modified" header?
>
> That has been discussed some and we do talk about using the HEAD option
> for HTTP requests to reduce the overhead when the zone file hasn't
> changed.
>
You might have misunderstood what I was going on about; let me try again.
How can the LocalRoot server figure out what the real expire time is when
using http? At what time should it stop using the zone file and switch to
querying the root name servers? The zone file might have sat on the CDN for
10 days already. If the LocalRoot server starts the expire timer from when
it fetched the zone it will treat it as not-expired for an additional 7
days, at that point the zone will be 17 days old and signatures will have
expired.

> --
> Wes Hardaker
> Google
>
> _______________________________________________
> DNSOP mailing list -- [email protected]
> To unsubscribe send an email to [email protected]

--
In my defence, I have been left unsupervised.
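The expire-timer problem described in the message above, as an added worked example that is not from the thread or from the LocalRoot project: it contrasts starting the SOA expire countdown at fetch time with starting it at the HTTP Last-Modified time, using a 7-day expire and a copy that sat on the CDN for 10 days (both values constructed for illustration).

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Hypothetical value for illustration only: treat the root zone SOA EXPIRE as 7 days.
SOA_EXPIRE = timedelta(days=7)


def expiry_deadline(soa_expire, fetched_at, last_modified=None):
    """Instant after which the LocalRoot copy must no longer be served.

    Naive behaviour (last_modified is None): the timer starts at fetch time, so a
    stale CDN copy silently gets a full extra expire period.
    Header-aware behaviour: the timer starts at the Last-Modified time, so the
    time the copy already spent on the CDN is charged against the expire budget.
    """
    start = fetched_at if last_modified is None else last_modified
    return start + soa_expire


def remaining_seconds(deadline, now):
    """Seconds left before the copy expires; negative means it already has."""
    return (deadline - now).total_seconds()


def zone_age_at(deadline, last_modified):
    """How old the zone data is at the moment the server finally stops using it."""
    return deadline - last_modified


def scenario():
    # Constructed sample: the zone was published 10 days before it is fetched.
    last_modified = datetime(2026, 2, 15, 12, 0, tzinfo=timezone.utc)
    header = last_modified.strftime("%a, %d %b %Y %H:%M:%S GMT")  # as a CDN would send it
    fetched_at = last_modified + timedelta(days=10)
    parsed = parsedate_to_datetime(header)  # Last-Modified header -> aware datetime

    naive = expiry_deadline(SOA_EXPIRE, fetched_at)
    aware = expiry_deadline(SOA_EXPIRE, fetched_at, parsed)
    return {
        # Fetch-time timer: still served for 7 more days, zone is 17 days old by then.
        "naive_zone_age_days": zone_age_at(naive, parsed).days,
        # Last-Modified timer: already 3 days past expire at fetch time.
        "aware_remaining_seconds": remaining_seconds(aware, fetched_at),
    }


if __name__ == "__main__":
    print(scenario())
```

A negative `aware_remaining_seconds` is the signal that the fetched copy should be discarded and the resolver should fall back to querying the root name servers rather than starting a fresh 7-day countdown.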
