I like the idea generally, and mostly have concerns about what can go wrong, and possible missed opportunities in the operational realm.
These comments are meant to be constructive, and with the goal of improving the draft quality and/or quality of the underlying protocol. And, of course, I speak only for myself. In no particular order:

- Given the unsigned nature of the glue in the zone, and the importance of root glue, it might be the right time to also introduce a "zone signature" RR, signed by the ZSK.

- Given the lack of the "big red button", this would be a good time to introduce the ability to opt-in to a NOTIFY "registry", so that appropriately validated notifications could be sent by a root-zone operator (from whom the root-loopback operator does AXFRs).

- I'd also suggest adding something like a "sentinel" query for SOA Serial Number be made at REFRESH intervals to randomly-selected root servers. If the SOA Serial Number is stale for REFRESH + RETRY, it may be safer to go SERVFAIL at that point rather than waiting for EXPIRE. (The stale zone might still want to be used if all other root servers become unreachable, so don't delete the zone, just prefer not to use it.)

Hope this is helpful. Feel free to ignore anything viewed as controversial or unlikely to gain consensus.

Brian Dickson
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
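The sentinel-query idea in the last bullet of the post above, worked through as a small Python model of the staleness decision. This is an added example, not code from the post's author or from the root-loopback draft. It assumes: the root zone's SOA timers REFRESH=1800, RETRY=900, EXPIRE=604800; a hypothetical `probe` callable standing in for the SOA query to a root server (returning the serial, or None when unreachable); a constructed timeline in which the root zone's serial advances while the local copy's AXFR never catches up; reachability judged from the single sampled server; and one reading of "don't delete the zone, just prefer not to use it": the stale copy is still served while no root server is reachable and EXPIRE has not passed, after which the resolver answers SERVFAIL but keeps the zone data in memory. Serial comparison uses RFC 1982 arithmetic so a wrapped serial is not mistaken for a stale one.

```python
"""Sentinel staleness check for a locally served copy of the root zone.

Added example; not code from the post's author or from the draft.
All sample data is constructed inline, so nothing here touches the network.
"""
import random

SERIAL_MOD = 1 << 32
SERIAL_HALF = 1 << 31


def serial_lt(a, b):
    """RFC 1982 serial number comparison: True if a is older than b (32-bit, wrap-safe)."""
    a %= SERIAL_MOD
    b %= SERIAL_MOD
    return (a < b and b - a < SERIAL_HALF) or (a > b and a - b > SERIAL_HALF)


class LocalRootZone:
    """State of the local root-zone copy plus the timers from its SOA."""

    def __init__(self, serial, refresh, retry, expire, loaded_at):
        self.serial = serial
        self.refresh = refresh
        self.retry = retry
        self.expire = expire
        # Last time a sentinel probe showed the local serial to be current.
        self.last_confirmed = loaded_at


def sentinel_probe(zone, root_servers, probe, now, rng):
    """Ask one randomly selected root server for its SOA serial (via the
    hypothetical `probe` callable) and refresh last_confirmed if the local
    copy is not behind it. Returns the observed serial, or None if unreachable."""
    server = rng.choice(root_servers)
    remote = probe(server)
    if remote is None:
        return None
    if not serial_lt(zone.serial, remote):
        zone.last_confirmed = now
    return remote


def resolver_mode(zone, now, any_root_reachable):
    """Decide how to treat the local copy right now.

    'local'    -> serve from the local zone
    'servfail' -> the copy has been stale longer than REFRESH + RETRY, so fail
                  rather than serve stale root data (without waiting for EXPIRE)

    Assumption: if no root server is reachable at all, the stale copy is still
    served until EXPIRE; the zone data is retained either way, never deleted.
    """
    stale_for = now - zone.last_confirmed
    if stale_for <= zone.refresh + zone.retry:
        return "local"
    if not any_root_reachable and stale_for <= zone.expire:
        return "local"  # fallback: stale roots beat no roots while nothing else answers
    return "servfail"


def run_scenario():
    """Constructed scenario (sample data, not a capture): local copy loaded at t=0
    with serial 2024010100; at the third REFRESH interval every root server moves
    to 2024010101 and the local AXFR never catches up. Returns (time, mode) pairs."""
    rng = random.Random(7)
    zone = LocalRootZone(serial=2024010100, refresh=1800, retry=900,
                         expire=604800, loaded_at=0)
    roots = ["a.root-servers.net", "b.root-servers.net", "c.root-servers.net"]
    remote_serial = {name: 2024010100 for name in roots}

    def probe(server):  # hypothetical stand-in for a real SOA query
        return remote_serial.get(server)

    timeline = []
    for now in range(zone.refresh, 8 * zone.refresh + 1, zone.refresh):
        if now == 3 * zone.refresh:
            for name in remote_serial:
                remote_serial[name] = 2024010101  # root zone advances; local copy lags
        observed = sentinel_probe(zone, roots, probe, now, rng)
        timeline.append((now, resolver_mode(zone, now, observed is not None)))
    return timeline


if __name__ == "__main__":
    for t, mode in run_scenario():
        print(f"t={t:6d}s  {mode}")
```

In the constructed timeline the resolver keeps serving locally for one interval after the serial moves (it is within REFRESH + RETRY of the last confirmed probe), then switches to SERVFAIL at the next REFRESH tick, well before the 604800 s EXPIRE would have cut it off; the `any_root_reachable=False` branch is the "all other root servers unreachable" case from the post.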