Thanks for the review, Ines. Barry
On Fri, Feb 28, 2020 at 5:02 AM Ines Robles via Datatracker < nore...@ietf.org> wrote: > Reviewer: Ines Robles > Review result: Ready with Nits > > I am the assigned Gen-ART reviewer for this draft. The General Area > Review Team (Gen-ART) reviews all IETF documents being processed > by the IESG for the IETF Chair. Please treat these comments just > like any other last call comments. > > For more information, please see the FAQ at > > <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>. > > Document: draft-ietf-dnsop-7706bis-07 > Reviewer: Ines Robles > Review Date: 2020-02-28 > IETF LC End Date: 2020-02-28 > IESG Telechat date: Not scheduled for a telechat > > Summary: > > The document is well written, it supplies appendixes with examples. > > This document describes a method for the operator of a recursive resolver > to > have a complete root zone locally, and to hide queries for the root zone > from > outsiders, at the cost of adding some operational fragility for the > operator. > > I have some minor questions. > > Major issues: None > > Minor issues: None. > > Nits/editorial comments: > > 1- Appendix B.5: it seems that the link is not valid: <https://knot- > resolver.readthedocs.io/en/stable/modules.html#root-on-loopback-rfc- > 7706> > > This link worked for me: > https://knot-resolver.readthedocs.io/en/stable/modules-rfc7706.html. > > Questions: > > 1- It seems that this document replaces RFC7706, but the document states > that > it updates RFC7706, is that correct? > > 2- Abstract: "The cost of adding some operational fragility for the > operator", > Does it introduce security considerations that have to be mentioned? > > 3- Section 1: "Research shows that the vast majority of queries going to > the > root are for names that do not exist in the > root zone." - Do you have some references to that research that can be > added > to the draft? > > 4- I would expand KSK to Key signing key (KSK). > > 5- Should this draft add a reference to rfc8499? > > Thank you for this document, > > Ines. > > >
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop