NS mismatch between parent zone and child zone is an issue.
I think that this draft is a very good start.
Jiankang Yao
From: fujiwara
Date: 2016-11-02 14:10
To: dnsop
Subject: [DNSOP] draft-fujiwara-dnsop-resolver-update-00
Hello,
I submitted draft-fujiwara-dnsop-resolver-update-00, which tries to
improve the resolver algorithm.
Please read it and comment.
I also made a presentation on the same topic
at the previous DNS-OARC workshop.
https://indico.dns-oarc.net/event/25/session/6/contribution/19/material/slides/2.pdf
Regards,
--
Kazunori Fujiwara, JPRS <fujiw...@jprs.co.jp>
> From: internet-dra...@ietf.org
>
> A new version of I-D, draft-fujiwara-dnsop-resolver-update-00.txt
> has been successfully submitted by Kazunori Fujiwara and posted to the
> IETF repository.
>
> Name: draft-fujiwara-dnsop-resolver-update
> Revision: 00
> Title: Updating Resolver Algorithm
> Document date: 2016-11-01
> Group: Individual Submission
> Pages: 9
> URL:
> https://www.ietf.org/internet-drafts/draft-fujiwara-dnsop-resolver-update-00.txt
> Status:
> https://datatracker.ietf.org/doc/draft-fujiwara-dnsop-resolver-update/
> Htmlized:
> https://tools.ietf.org/html/draft-fujiwara-dnsop-resolver-update-00
>
>
> Abstract:
> Parent side NS RRSet and glue records are all information to access
> servers for child zone. However, they may be overwritten by child
> zone data (zone apex NS RRSet and other A/AAAA RRSets). The
> overwrite makes name resolution unstable and induces vulnerabilities.
> RFC 2181 section 5.4.1 specifies trustworthiness of DNS data. And it
> is deemed that all cached data (authoritative data, non-
> authoritative data, referrals and glue records) are merged into one.
> Resolvers may answer non-authoritative data, referrals and glue
> records that should not be returned. This document proposes updating
> resolver algorithm that separates the cache to "authoritative data
> cache" and "delegation cache". The former is used to answer stub
> resolvers, and the latter is used to iterate zones.
>
>
>
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> The IETF Secretariat
>
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
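
The cache separation described in the quoted abstract, and the parent/child NS mismatch raised in the reply, can be sketched as follows. This is an added example, not part of the thread and not the draft's own algorithm: the class and method names are hypothetical, TTL handling is omitted, names are assumed to be lowercase and fully qualified, and the records are constructed sample data.

```python
from dataclasses import dataclass, field

@dataclass
class SplitCacheResolver:
    # (name, rrtype) -> set of rdata, learned from authoritative (AA) answers
    authoritative: dict = field(default_factory=dict)
    # zone -> {"ns": set, "glue": {host: set(addresses)}}, learned from parent referrals
    delegation: dict = field(default_factory=dict)

    def store_referral(self, zone, ns_names, glue):
        """Parent-side NS RRSet and glue go only to the delegation cache."""
        self.delegation[zone] = {"ns": set(ns_names),
                                 "glue": {h: set(a) for h, a in glue.items()}}

    def store_answer(self, name, rrtype, rdata, aa):
        """Only authoritative answers are cached for stubs; delegation is untouched."""
        if aa:
            self.authoritative[(name, rrtype)] = set(rdata)

    def answer_stub(self, name, rrtype):
        """Stub queries see authoritative data only (None means: iterate)."""
        return self.authoritative.get((name, rrtype))

    def servers_for(self, qname):
        """Iteration uses the closest enclosing delegation and its glue."""
        labels = qname.rstrip(".").split(".")
        for i in range(len(labels)):
            zone = ".".join(labels[i:]) + "."
            if zone in self.delegation:
                d = self.delegation[zone]
                return zone, {ns: d["glue"].get(ns, set()) for ns in d["ns"]}
        return None, {}

    def ns_mismatch(self, zone):
        """Names present on only one side of the parent/child NS RRSets."""
        parent = self.delegation.get(zone, {}).get("ns", set())
        child = self.authoritative.get((zone, "NS"), set())
        return parent ^ child if parent and child else set()

def demo():
    r = SplitCacheResolver()
    # Constructed referral from the parent of example.com.
    r.store_referral("example.com.", ["ns1.example.com."],
                     {"ns1.example.com.": ["192.0.2.1"]})
    # Constructed child-side data that disagrees with the parent.
    r.store_answer("example.com.", "NS", ["ns9.example.net."], aa=True)
    r.store_answer("ns1.example.com.", "A", ["198.51.100.66"], aa=True)
    return r
```

In this sketch the child-side records never change which servers are used for iteration, and glue is never returned to a stub; the mismatch is only reported.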