2014-10-30 05:27:37 GMT
I am reviewing draft-wkumari-dnsop-root-loopback-00 and draft-wkumari-dnsop-dist-root-01. I have some questions about some details of the draft:
First, when a resolver falls back to legacy operation, I guess there should be a retry interval after which it tries again to work in the loopback operation (I mean the operation the draft describes). But the draft does not mention how to set it. Is there any suggestion about the value of the retry interval, or is this something we should test?
Second, as far as I am concerned, every record in the zone file should be validated by the resolver using DNSSEC. If even one of them cannot be validated, the resolver should discard the zone file and try another server in the list. If the entire list has been tried, it should log an error and fall back to legacy operation. Might this lead the resolver to fall back to legacy operation often, since errors are likely to happen, such as unsigned TLDs or validation failures? And, with the increasing size of the zone file in the future, might this validation for each TLD cause a degradation of QPS in the resolver?
Runxia Wan(Brian) Research Engineer
BII Lab Beijing Internet Institute(BII) rxwan <at> biigroup.cn
_______________________________________________ DNSOP mailing list DNSOP <at> ietf.org https://www.ietf.org/mailman/listinfo/dnsop