At 00:38 24/01/2010, Danny Mayer wrote:

>> Proposed replacement text:
>>
>> |2.1.  Parameters of a Priming Query
>> |
>> |  A priming query MUST use a QNAME of "." and a QTYPE of NS, QCLASS
>> |  of IN, with RD bit set to 0, the source port of the query should
>> |  be randomly selected [RFC5452].
>> |
>> |  A DNSSEC aware resolver SHOULD send the priming query over TCP.
>> |  If TCP is refused a different server SHOULD be tried, after 3 tries
>> |  the resolver SHOULD fall back on UDP.
>> |
>> |  A DNSSEC ignorant but EDNS0 capable resolver SHOULD issue the
>> |  priming query over UDP; an EDNS0 option MUST be included with buffer
>> |  size of 1220 or larger.  If the UDP query times out TCP SHOULD be
>> |  tried.
>> |
>> |  An EDNS0 ignorant resolver MUST issue the priming query over UDP.
>>
>> ...

I'm not sure I understand the point to this part. Since this is a draft
and you would be talking about the next versions of resolvers that would
be expected to support this (as opposed to existing ones), why would you
expect there to be any future resolver ignorant of DNSSEC? Aren't we
trying to make DNSSEC mandatory for future resolvers?

While some of us hope all resolvers will support DNSSEC at some point in the future,
there are resolvers that never will.
The paragraph as I tried to frame it is to not place an onerous burden on the system:
if a resolver has no intention of validating anything, it should "consider itself as
DNSSEC ignorant".

        Olafur
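The quoted section 2.1 text, turned into code as an added example (this is not code from the draft or from anyone on the thread): it builds the wire-format priming query (QNAME ".", QTYPE NS, QCLASS IN, RD=0, optional EDNS0 OPT record advertising a buffer size of at least 1220) and encodes the three transport-selection cases. Source-port randomization is a socket-layer concern and is not shown; only the message ID is randomized here.

```python
import os
import struct

# Standard DNS wire-format constants (RFC 1035 / RFC 6891)
QTYPE_NS = 2
QCLASS_IN = 1
TYPE_OPT = 41
EDNS_MIN_BUFSIZE = 1220  # minimum buffer size named in the quoted draft text


def build_priming_query(edns0: bool, bufsize: int = EDNS_MIN_BUFSIZE, qid=None) -> bytes:
    """Wire-format priming query: QNAME ".", QTYPE NS, QCLASS IN, RD bit 0.
    With edns0=True an OPT pseudo-RR advertising bufsize is appended."""
    if edns0 and bufsize < EDNS_MIN_BUFSIZE:
        raise ValueError("EDNS0 buffer size must be 1220 or larger")
    if qid is None:
        qid = int.from_bytes(os.urandom(2), "big")  # unpredictable ID (RFC 5452)
    flags = 0x0000  # QR=0, OPCODE=QUERY, RD=0
    arcount = 1 if edns0 else 0
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, arcount)
    # The root name "." is encoded as a single zero-length label
    question = b"\x00" + struct.pack("!HH", QTYPE_NS, QCLASS_IN)
    msg = header + question
    if edns0:
        # OPT RR: NAME=root, TYPE=OPT, CLASS=UDP payload size,
        # TTL=extended RCODE/version/flags (all 0), RDLENGTH=0
        msg += b"\x00" + struct.pack("!HHIH", TYPE_OPT, bufsize, 0, 0)
    return msg


def choose_transport(dnssec_aware: bool, edns0_capable: bool,
                     tcp_refusals: int = 0, udp_timed_out: bool = False) -> str:
    """Transport selection following the three cases of the quoted text."""
    if dnssec_aware:
        # TCP first; after 3 refused attempts fall back on UDP
        return "udp" if tcp_refusals >= 3 else "tcp"
    if edns0_capable:
        # UDP with EDNS0 first; TCP if the UDP query times out
        return "tcp" if udp_timed_out else "udp"
    # EDNS0-ignorant resolvers only ever use UDP
    return "udp"


if __name__ == "__main__":
    print(build_priming_query(edns0=True, qid=0x1234).hex())
```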


_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
