Hi,

I have read this draft and have some small comments.

First of all, is this draft about priming the NS RRset only, or should
it also consider priming trust anchors? Because you mention priming
queries from the dnsop-dnssec-trust-anchor draft, but you don't cover
these kinds of priming queries. If this draft is about priming NS queries
only, you should make this more clear. By the way, a nit: it is not
common to refer to a document that is under revision.

In the introduction you show that the text in section 5.3.3. of RFC 1034
is out of date. Should this document update the RFC?

About 2.1. Target Selection: Can you include a reason why a resolver
MUST select the target randomly and with even probability? I guess it
makes guessing attacks harder or divides the load nicely between all
root servers. I am just curious what the reason is that resolvers *MUST*
do this.

About 2.3. Repeating Priming Queries: Again, what are the reasons for
these parameters? Is 75% of the TTL always more than 24 hours?

I think this draft is helpful and I think it would be helpful to include
parameters of priming trust anchor queries.

Regards,

Matthijs
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop