On 11/1/17, 11:17, "DNSOP on behalf of Ólafur Guðmundsson" <dnsop-boun...@ietf.org on behalf of ola...@cloudflare.com> wrote:
>Thus the question is twofold > >a) is there need for clarification in how protocol works possibly with >recommendation for resolver "tunable" settings. > This is something that might be fit into -validator-requirements-. (Which is perhaps another motivation of mine to dig into this.) But the idea of more knobs to turn and switches to flip runs counter to my perceived need to simplify the operation of the DNS. The battlefield is defined by software developers, who are pushed to add more functionality into simpler to run packages. Many operators use "off-the-shelf" components and do not write their own code, which is what shifts this on to the shoulders of the software developers. >b) is there need for operational guidance for "split DNS" DNSSEC There was an attempt to document split DNS more than 10 years ago, which died a death of disinterest. (Last version expired 10 years, 1 month, 25 days ago. ;) Lucky guess.) https://tools.ietf.org/html/draft-krishnaswamy-dnsop-dnssec-split-view-04 Perhaps start there. (Last time I saw the author was in a children's swimming school lobby just last year. Odd.)
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
