On 3/28/23 03:14, Shumon Huque wrote:
On Tue, Mar 28, 2023 at 3:45 AM Viktor Dukhovni <ietf-d...@dukhovni.org <mailto:ietf-d...@dukhovni.org>> wrote: On Wed, Mar 01, 2023 at 04:27:31PM -0500, Shumon Huque wrote: Can we at least state that domains with cyclic dependencies are a bad idea, and may not be supported by all resolvers. In other words, that the domain owner can't **rely** on the sibling glue recommended to be sent in this draft to save the day. My strong preference is still to delete all reference in the draft to cyclic dependencies (i.e. not enshrine bad practice). Which leaves sibling glue primarily as a performance optimisation, and secondarily as a last resort when the nameserver IP addresses are wrong or gone from the authoritative zone (another bad practice). Viktor - I've so far not seen many other people speak up in support of your position. I suspect this is because this draft was discussed to death many months ago during long discussion threads on the list, and there is likely already rough consensus for the current content. Personally, I would be ok with adding a statement that configurations involving cyclic dependencies are not recommended, but others will likely have to also speak up in support of this too.
I support adding such a statement about cyclic dependencies. In addition, I would support saying that data suggests that, while (non-cyclic) glue records may have a benefit in certain cases, they frequently are a source of harm (time-outs), and the trade-off remains unclear. FWIW, I hold this opinion because I find Viktor's numbers pretty convincing. However, as I've never operated a resolver, I'm convinced solely based on what I've read (to the best of my ability), not based on what I've experienced. Others' first-hand experience may be more material. ~Peter _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
