Last Call Review of draft-ietf-dnsop-7706bis-07
review-ietf-dnsop-7706bis-07-secdir-lc-dunbar-2020-02-24-00
| Request | Review of | draft-ietf-dnsop-7706bis |
|---|---|---|
| Requested revision | No specific revision (document currently at 12) | |
| Type | Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2020-02-28 | |
| Requested | 2020-02-14 | |
| Authors | Warren "Ace" Kumari , Paul E. Hoffman | |
| Draft last updated | 2020-02-24 | |
| Completed reviews |
Opsdir Last Call review of -07
by
Jouni Korhonen
(diff)
Secdir Last Call review of -07 by Linda Dunbar (diff) Genart Last Call review of -07 by Ines Robles (diff) |
|
| Assignment | Reviewer | Linda Dunbar |
| State | Completed | |
| Review |
review-ietf-dnsop-7706bis-07-secdir-lc-dunbar-2020-02-24
|
|
| Posted at | https://mailarchive.ietf.org/arch/msg/secdir/0jM9fwmgpN5PfDzi4fY8IcZ2m_c | |
| Reviewed revision | 07 (document currently at 12) | |
| Result | Has Nits | |
| Completed | 2020-02-24 |
review-ietf-dnsop-7706bis-07-secdir-lc-dunbar-2020-02-24-00
Reviewer: Linda Dunbar Review result: Ready with questions I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The Abstract of This document claims that this document shows how to start and maintain a copy of the root zone in the Recursive Resolvers so that the Resolvers don't need to send query to another node. Two questions: - What if the node is not authorized to have the entire records? It would desirable for the Resolvers to have all the records of the root zone. Is there any scenario that the Resolvers simply cannot get all the records of the root zone? - How to detect if any records stored in the Resolver are STALE? Page 3, last sentence of the 3rd paragraph: is it a typo? or miss a verb? "... it would all responses from a remote root server" Cheers, Linda Dunbar