Last Call Review of draft-ietf-dnsop-rfc7816bis-09
review-ietf-dnsop-rfc7816bis-09-secdir-lc-eastlake-2021-06-07-00

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. Document editors and WG chairs should treat these comments just
like any other last call comments.

The summary of the review is READY.

This is an excellent draft about how to minimize the information sent
to higher level DNS servers (those serving zones closer to root) to
protect privacy. There are more subtleties and 2nd order potential
difficulties with this than I would have expected but, as far as I can
tell, these are all covered by the draft, as one might expect in a bis
draft that incorporates lessons learned in the deployment of the
original (RFC 7816).

One wonders if/when it might be better to use AAAA as the substitute
QTYPE for minimized queries rather than A  :-)

Below I have a few suggested wording changes which I believe would be
small improvements but I consider optional.

Minor Suggestions:

Section 1, page 3: "this choice at this time" -> "this choice at that time"

Section 1.1, page 3:
"lessons learned from implementing QNAME minimization" ->
"lessons learned from implementing RFC 7816 QNAME minimization"

Section 2.1, page 5: To clarify, for readers who don't know, that RFC
8305 is the happy eyeballs RFC:
OLD
   records.  Another potential benefit of using QTYPE=A is that
   [RFC8305] clients that need answers for both the A and AAAA types
NEW
   records.  Another potential benefit of using QTYPE=A is that
   happy eyeballs [RFC8305] clients that need answers for both the A
and AAAA types

Thanks,
Donald
===============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 2386 Panoramic Circle, Apopka, FL 32703 USA
 d3e3e3@gmail.com