From: Geoff Huston <[email protected]>
> If this was a proposal to completely replace incremental queries with only
> full zone transfers then there are many issues, including the ones you refer
> to above. But it's not proposing any such replacement - it's proposing to
> augment the mechanisms available to recursive resolvers. Augment, not replace.

I'm not sure anyone is literally advocating for replacing the root servers with Local Root, but I do think this is the essential question. Is Local Root an optimization for a small population of resolvers who are willing to do a lot more work? Or is it the way forward for a large portion of all full resolvers? Will it become a special behavior only deployed by the hyperscalers, or a default-enabled setting in BIND?

Post-DELEG, I think there may well be a good reason for very wide deployment of Local Root. (In particular, I think it may be easier to deploy Local Root than DoQ to the root, leaving Local Root as the only way to get fully encrypted resolution.)

To get there, I think we need a clearly defined profile of Local Root that doesn't depend on HTTP. We can certainly define HTTP-based methods of downloading the root zone, but I would like to see a clear demarcation in the drafts to separate those methods from a compact core specification.

--Ben Schwartz
