Moin,
> You probably need to think about DNSSEC-signed responses to DNSKEY
> queries (particularly during key roll scenarios) , and also DNSSEC-
> signed NSEC queries.
I was not aware that there are cases where a recursive resolver sends
DNSSEC-signed responses to an authoritative to solicit a rep
On Tuesday, October 22, 2024 11:30:07 PM UTC Geoff Huston wrote:
> ...
>
> If you look at the pool of recursive resolvers and weight these resolvers
> against the population of users' stub resolver that they server the
> population of recursive resolvers that matter (i.e. cumulatively serve more
>
Hi Tobias,
I'll continue with the threading of this conversation, though
it may be getting challenging to follow! :-)
> On 22 Oct 2024, at 6:40 PM, Tobias Fiebig wrote:
>
>
>> I'm sorry but I don;t understand the point you are making here.
>
> - A DNS query for an FQDN with a length of 255
I think this draft should offer more background on the problem space,
describing the situations where these DCV patterns are appropriate or
inappropriate. In particular, I would like to see text clearly distinguishing
two patterns:
1. "Domain Control Validation" -> Prove that the owner of this
Dear WG,
The below update contains only editorial changes:
- Point out DNSSEC bootstrapping use case
- Remove sections with approaches not pursued
- Editorial nits
Nothing substantial has changed since the last DNSOP session in Vancouver, and
the authors believe this is pretty much done. We'll
> I'm sorry but I don;t understand the point you are making here.
- A DNS query for an FQDN with a length of 255 using DNSSEC leads to a
336b message on the wire. It is unlikely that we will cram enough
into DNS to raise this above 1280.
- In the past, some vocal voices were rather clear tha
