[DNSOP] draft-fujiwara-dnsop-resolver-update-00

Tue, 01 Nov 2016 23:11:06 -0700 

Hello,

I submitted draft-fujiwara-dnsop-resolver-update-00 that tries to
improve resolver algorithm.

Please read it and comment.

I also made a presentation of the same topic
at previous DNS-OARC workshop.

  
https://indico.dns-oarc.net/event/25/session/6/contribution/19/material/slides/2.pdf

Regards,

--
Kazunori Fujiwara, JPRS <fujiw...@jprs.co.jp>

> From: internet-dra...@ietf.org
> 
> A new version of I-D, draft-fujiwara-dnsop-resolver-update-00.txt
> has been successfully submitted by Kazunori Fujiwara and posted to the
> IETF repository.
> 
> Name:         draft-fujiwara-dnsop-resolver-update
> Revision:     00
> Title:                Updating Resolver Algorithm
> Document date:        2016-11-01
> Group:                Individual Submission
> Pages:                9
> URL:            
> https://www.ietf.org/internet-drafts/draft-fujiwara-dnsop-resolver-update-00.txt
> Status:         
> https://datatracker.ietf.org/doc/draft-fujiwara-dnsop-resolver-update/
> Htmlized:       
> https://tools.ietf.org/html/draft-fujiwara-dnsop-resolver-update-00
> 
> 
> Abstract:
>    Parent side NS RRSet and glue records are all information to access
>    servers for child zone.  However, they may be overwritten by child
>    zone data (zone apex NS RRSet and other A/AAAA RRSets).  The
>    overwrite makes name resolution unstable and induces vulnerabilities.
>    RFC 2181 section 5.4.1 specifies trustworthiness of DNS data.  And it
>    is deemed that that all cached data (authoritative data, non-
>    authoritative data, referrals and glue records) are merged into one.
>    Resolvers may answer non-authoritative data, referrals and glue
>    records that should not be returned.  This document proposes updating
>    resolver algorithm that separates the cache to "authoritative data
>    cache" and "delegation cache".  The former is used to answer stub
>    resolvers, and the latter is used to iterate zones.
> 
>                                                                               
>     
> 
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> The IETF Secretariat
> 

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to