On 26 Nov 2014, at 15:42, Paul Hoffman wrote:
> Greetings. Warren and I updated the draft a bit to reflect input from the WG,
> and to add another configuration example (for Windows Server).
I think the general problem space of how we distribute authoritative data to
caches is well worth thought and investigation. The model "if you want good
end-user performance, you need to anycast your authority servers all over the
planet or pay someone to do it for you" is a poor one, no matter how much we
enjoy it at Dyn.
This document is thinking in that direction, but it is restricting itself to
what is arguably the best-served DNS zone in the world, with the most spare
capacity in its infrastructure, and which is least in need of improvement.
Generally, I am against adding complexity without benefit.
I continue to be concerned that slaving the root zone on (or near!) validators
smells like a configure-and-forget project for some sysadmin who has since left
the company, and the people left are only one firewall rule change away from
weird troubleshooting nightmare. I agree that carefully documenting how this
should be done is better than leaving those people with no documentation at all
when they need it at 3am.
I think the document is well-written and clear, but that it needs the risks
(non-zero) and benefits (near-zero) to be clearly discussed, and to avoid any
unwarranted suggestion that doing this is sensible in the general case.
So...
On 14 Nov 2014, at 15:40, Wes Hardaker wrote:
> Warren Kumari writes:
>
>> We are requesting a call for adoption of
>> draft-wkumari-dnsop-root-loopback.
>
> Support adopting, but we will need to talk about careful wording of when
> to use it and when not to.
... +1 to Wes' conditional support above.
I will review, contribute text when not swamped by other things, etc.
Joe
___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
