For HTTP I would make it mandatory that an Expires header exists in the reply and that it is used to trim the expiry timer similarly to how EDNS EXPIRE is used.
> On 27 Feb 2026, at 10:34, marka <[email protected]> wrote:
>
>> On 27 Feb 2026, at 02:11, Florian Obser <[email protected]> wrote:
>>
>> On 2026-02-25 15:43 -08, Wes Hardaker <[email protected]> wrote:
>>> Florian Obser <[email protected]> writes:
>>>
>>>> How about this, in the main document, section 4, adding "It MUST NOT be
>>>> longer than...":
>>> [...]
>>>
>>> Change added! Thanks for the concrete suggestion.
>>>
>>>> Now, the problem with the SOA expiry value is that it gets more out of
>>>> whack the longer your transfer chain is.
>>>> It seems unlikely to me that the list from
>>>> draft-hardaker-dnsop-root-zone-publication-points will list the RZM's
>>>> distribution servers, so everything is already one hop removed from the
>>>> primary.
>>>
>>> FYI, the publication points will list the internic.net sources, as well
>>> as the {lax,iad}.icann.dns.org AXFR sources. The original version
>>> didn't because I had not received authorization to list them as examples
>>> yet, but have now. I have not asked the RZM if they wanted to be listed
>>> (and how and where), nor have they offered. Other sources remain to be
>>> seen. But the draft contains an example list, and IANA will be
>>> responsible for defining the real list.
>>>
>>>> 1. I think we need to mention RFC 7314 in the main document:
>>>> "A LocalRoot implementation SHOULD (MUST?) use RFC 7314 EDNS EXPIRE
>>>> Option."
>>>
>>> Add!
>>>
>>>> 2. The distribution points MUST support RFC 7314.
>>>
>>> [...]
>>>
>>> That's a good point to consider and I suspect we need to think about it
>>> further and discuss it.
>>>
>>> Certainly for *XFR targets 7314 should likely be implemented when possible
>>> on the server side. I think. But is it a mandatory requirement or not?
>>> That I'm less convinced by.
>>>
>>>> 3. Figure out what to do about http / CDNs. I suppose we could use the
>>>> "last-modified" header?
>>>
>>> That has been discussed some and we do talk about using the HEAD option
>>> for HTTP requests to reduce the overhead when the zone file hasn't
>>> changed.
>>>
>> You might have misunderstood what I was going on about, let me try again.
>>
>> How can the LocalRoot server figure out what the real expire time is
>> when using http? At what time should it stop using the zone file and
>> switch to querying the root name servers?
>>
>> The zone file might have sat on the CDN for 10 days already. If the
>> LocalRoot server starts the expire timer from when it fetched the zone
>> it will treat it as not-expired for an additional 7 days; at that point
>> the zone will be 17 days old and signatures will have expired.
>
> Additionally with AXFR/IXFR we have EDNS EXPIRE which exists to address
> the expiry issue when not fetching from the authoritative source.
>
>>> --
>>> Wes Hardaker
>>> Google
>>
>> --
>> In my defence, I have been left unsupervised.
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: [email protected]

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [email protected]

_______________________________________________
DNSOP mailing list -- [email protected]
To unsubscribe send an email to [email protected]
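A worked sketch of the expire-timer trimming the thread compares: EDNS EXPIRE (RFC 7314) for *XFR, and an HTTP Expires or Last-Modified header for a zone fetched from a CDN. This is an added example, not code from the thread, the draft or any LocalRoot implementation; the header values and clock times are constructed, and the 7-day figure is the root zone's SOA EXPIRE.

```python
"""Deriving a LocalRoot expire timer from transfer or HTTP metadata (added example)."""
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime  # parses RFC 7231 HTTP-date strings

ROOT_SOA_EXPIRE = 604800  # seconds: the root zone SOA EXPIRE field is 7 days


def expire_from_xfr(soa_expire, edns_expire=None):
    """Seconds left before a zone fetched by AXFR/IXFR must stop being served.

    RFC 7314: the EXPIRE option carries the upstream's remaining expire time,
    so a client one hop removed uses the smaller of that and SOA EXPIRE.
    """
    if edns_expire is None:
        return soa_expire
    return min(soa_expire, edns_expire)


def expire_from_http(soa_expire, headers, now):
    """Seconds left for a zone fetched over HTTP, judged from response headers.

    Expires: trim the timer the way EDNS EXPIRE does, to what the publisher
    says the copy is good for (the proposal in the reply above).
    Last-Modified: age the copy from its publish time and subtract that age
    from SOA EXPIRE (the "last-modified" idea in the thread).
    Neither header: nothing to trim with, so the full SOA EXPIRE runs from
    fetch time, which is how a 10-day-old copy becomes 17 days old.
    """
    if "Expires" in headers:
        remaining = (parsedate_to_datetime(headers["Expires"]) - now).total_seconds()
        return max(0, min(soa_expire, int(remaining)))
    if "Last-Modified" in headers:
        age = (now - parsedate_to_datetime(headers["Last-Modified"])).total_seconds()
        return max(0, soa_expire - int(age))
    return soa_expire


# Constructed scenario from the thread: the copy has sat on the CDN for 10 days.
NOW = datetime(2026, 2, 27, 10, 34, tzinfo=timezone.utc)
STALE_HEADERS = {"Last-Modified": "Tue, 17 Feb 2026 10:34:00 GMT"}
FRESH_HEADERS = {"Expires": "Mon, 02 Mar 2026 10:34:00 GMT"}  # 3 days of life left

if __name__ == "__main__":
    print("AXFR, EDNS EXPIRE says 3 days left:", expire_from_xfr(ROOT_SOA_EXPIRE, 3 * 86400))
    print("HTTP, 10-day-old copy, Last-Modified:", expire_from_http(ROOT_SOA_EXPIRE, STALE_HEADERS, NOW))
    print("HTTP, Expires in 3 days:", expire_from_http(ROOT_SOA_EXPIRE, FRESH_HEADERS, NOW))
    print("HTTP, no headers (untrimmed):", expire_from_http(ROOT_SOA_EXPIRE, {}, NOW))
```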
