At Mon, 4 Mar 2019 19:45:02 -0500, Tom Pusateri <pusat...@bangj.com> wrote:
> Thanks to the great feedback, we were able to update the document to
> better match the preferences of the working group and address the
> outstanding concerns.
>
> > A new version of I-D, draft-pusateri-dnsop-update-timeout-02.txt
> > has been successfully submitted by Tom Pusateri and posted to the
> > IETF repository.

I've read draft-pusateri-dnsop-update-timeout-02. Personally, I'm not
yet convinced that we need to provide this functionality in an
"in-band" way (i.e., as a DNS resource record). But I wouldn't be
strongly opposed to it if the WG is willing to adopt it. For now I'm
just providing some technical comments on the draft content.

- general: it's not clear to me when/how a TIMEOUT RR is added to a
  zone. Is it assumed that an update client includes it in its update
  request? Or is the primary server supposed to internally add/update
  TIMEOUT(s) on handling update requests? Or something else? I think
  the draft should explain it more clearly.

- Section 4

    If the expiry time is the same, multiple records can be combined
    into a single TIMEOUT record with the same owner name, class, and
    record type but this is NOT REQUIRED.

  'NOT REQUIRED' is not an RFC2119 keyword. If this is not intended to
  be a normative keyword, it's better to be lower-cased to avoid
  confusion; if it's intended to be normative, a valid RFC2119 keyword
  should be used.

- Section 4.1

    A 16-bit field containing the resource record type to which the
    TIMEOUT record applies. Multiple TIMEOUT records for the same owner
    name, class, and represented type can exist.

  Is there any RR type that must not be specified here? For example,
  can TIMEOUT itself be specified?

- Section 4.2

    If an additional TIMEOUT record exists with the same owner name,
    class, and record type, it MUST be ignored and SHOULD be removed.

  It's not clear to me exactly what "it MUST be ignored and SHOULD be
  removed" means... perhaps it's also related to how TIMEOUT is added
  to a zone.

- Section 4.3.2

    The record MUST be in canonical DNSSEC form as described in
    Section 6 of [RFC4034].

  You might also want to state that the RDATA in TIMEOUT and the RDATA
  of the actual RR that it covers must be compared in the canonical
  form (i.e., some types of RRs have to be compared in the
  case-insensitive manner).

- Section 6

    A TIMEOUT resource record MUST be removed when the last resource
    record it covers has been removed.

  This statement looks ambiguous about *who* removes the TIMEOUT.
  According to the paragraph that follows I guess it's the primary
  server implementation (rather than, e.g., a human administrator of
  the server). Perhaps it's better to use the active voice here, too:

    A primary server MUST remove a TIMEOUT resource record...

- Section 6/general: what should happen if an administrator manually
  edits the zone file (and reloads it to the primary server)? Is it
  the administrator's responsibility to adjust TIMEOUT accordingly, or
  is the primary server implementation supposed to do it
  automatically?

- Section 6

    As a reminder from Section 3.3.13 of [RFC1035], the MINIMUM field
    of the SOA for the zone is used as a lower bound of the TTL for
    all records in the zone.

  This is deprecated by RFC2308.

--
JINMEI, Tatuya
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
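The Section 4.3.2 comment above (that the RDATA carried in a TIMEOUT record and the RDATA of the RR it covers have to be compared in canonical form, which for some types means case-insensitively) is easiest to see with a concrete comparison routine. The following Python is an added example written for this archive page; it is neither code from the draft nor from the poster, and it does not implement the TIMEOUT record itself. It canonicalizes presentation-format RDATA into uncompressed wire format per RFC 4034 Section 6.2 for a small, hand-picked subset of types (an assumption: the real list in RFC 4034 is longer), lowercasing embedded domain names for the name-bearing types and leaving opaque RDATA such as A and TXT byte-for-byte. The record set at the bottom is constructed sample data, not taken from any zone.

```python
"""Canonical-form RDATA comparison (RFC 4034, Section 6.2), added example.

Names embedded in the RDATA of certain types (NS, CNAME, MX, SRV, ...)
are lowercased in canonical form, so "Mail.Example.COM." and
"mail.example.com." describe the same MX target.  RDATA of types like A
or TXT is opaque and compared byte-for-byte.  The type subset handled
here is an assumption made for illustration, not the full RFC 4034 list.
"""
import struct

# Types (subset of RFC 4034 Section 6.2) whose RDATA names are lowercased.
NAME_TYPES_LOWERCASED = {"NS", "CNAME", "PTR", "DNAME", "MX", "SRV"}


def name_to_wire(name: str, lowercase: bool) -> bytes:
    """Encode a presentation-format domain name as uncompressed wire labels.

    A trailing dot is optional; the root is encoded as a single zero octet.
    Label length limits (1..63 octets) are enforced as in RFC 1035.
    """
    name = name.rstrip(".")
    out = b""
    if name:
        for label in name.split("."):
            raw = label.encode("ascii")
            if not 1 <= len(raw) <= 63:
                raise ValueError(f"bad label length in {name!r}")
            if lowercase:
                raw = raw.lower()  # only US-ASCII letters are affected
            out += bytes([len(raw)]) + raw
    return out + b"\x00"


def canonical_rdata(rtype: str, rdata: str) -> bytes:
    """Return canonical wire-format RDATA for presentation-format RDATA."""
    rtype = rtype.upper()
    lower = rtype in NAME_TYPES_LOWERCASED
    fields = rdata.split()
    if rtype == "A":
        octets = [int(x) for x in rdata.strip().split(".")]
        if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
            raise ValueError(f"bad A RDATA {rdata!r}")
        return bytes(octets)
    if rtype in ("NS", "CNAME", "PTR", "DNAME"):
        (target,) = fields
        return name_to_wire(target, lower)
    if rtype == "MX":
        preference, exchange = fields
        return struct.pack("!H", int(preference)) + name_to_wire(exchange, lower)
    if rtype == "SRV":
        priority, weight, port, target = fields
        return (struct.pack("!HHH", int(priority), int(weight), int(port))
                + name_to_wire(target, lower))
    if rtype == "TXT":
        # Simplification (assumption): one quoted <character-string>.
        text = rdata.strip().strip('"').encode("ascii")
        if len(text) > 255:
            raise ValueError("character-string too long")
        return bytes([len(text)]) + text  # opaque: case is preserved
    raise ValueError(f"type {rtype} not handled in this example")


def rdata_equal(rtype: str, a: str, b: str) -> bool:
    """True if two presentation-format RDATA are identical in canonical form."""
    return canonical_rdata(rtype, a) == canonical_rdata(rtype, b)


def find_covered(records, owner: str, rtype: str, covered_rdata: str):
    """Indices of records matching owner (case-insensitive), type, and RDATA.

    This is the lookup a server would need when deciding which existing RR
    a covering entry refers to: the owner name compares case-insensitively,
    the RDATA compares in canonical form for the given type.
    """
    owner_wire = name_to_wire(owner, lowercase=True)
    want = canonical_rdata(rtype, covered_rdata)
    return [i for i, (o, t, r) in enumerate(records)
            if name_to_wire(o, lowercase=True) == owner_wire
            and t.upper() == rtype.upper()
            and canonical_rdata(t, r) == want]


# Constructed sample records (owner, type, RDATA); not from any real zone.
SAMPLE_RECORDS = [
    ("www.example.com.", "CNAME", "Host.Example.COM."),
    ("example.com.",     "MX",    "10 Mail.Example.com."),
    ("example.com.",     "MX",    "20 backup.example.com."),
    ("example.com.",     "A",     "192.0.2.1"),
    ("example.com.",     "TXT",   '"Hello"'),
]

if __name__ == "__main__":
    print(find_covered(SAMPLE_RECORDS, "EXAMPLE.com", "MX", "10 mail.example.com."))
    print(rdata_equal("TXT", '"Hello"', '"hello"'))
```

Running it shows the MX lookup matching index 1 despite the case differences in both owner and exchange name, while the two TXT strings are reported as different because TXT RDATA is never case-folded. A real implementation would cover the whole RFC 4034 type list and parse TXT into multiple character-strings; those are left out here to keep the comparison rule visible.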