Last Call: <draft-ietf-dnsop-nsec-aggressiveuse-08.txt> (Aggressive use of DNSSEC-validated Cache) to Proposed Standard

The IESG has received a request from the Domain Name System Operations WG
(dnsop) to consider the following document:
- 'Aggressive use of DNSSEC-validated Cache'
  <draft-ietf-dnsop-nsec-aggressiveuse-08.txt> as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2017-03-27. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract


   The DNS relies upon caching to scale; however, the cache lookup
   generally requires an exact match.  This document specifies the use
   of NSEC/NSEC3 resource records to allow DNSSEC validating resolvers
   to generate negative answers within a range, and positive answers
   from wildcards.  This increases performance / decreases latency,
   decreases resource utilization on both authoritative and recursive
   servers, and also increases privacy.  It may also help increase
   resilience to certain DoS attacks in some circumstances.

   This document updates RFC4035 by allowing validating resolvers to
   generate negative answers based upon NSEC/NSEC3 records (and positive
   answers in the presence of wildcards).

   [ Ed note: Text inside square brackets ([]) is additional background
   information, answers to frequently asked questions, general musings,
   etc.  They will be removed before publication.  This document is being
   collaborated on in Github at:
   https://github.com/wkumari/draft-ietf-dnsop-nsec-aggressiveuse.  The
   most recent version of the document, open issues, etc should all be
   available here.  The authors (gratefully) accept pull requests.]




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-dnsop-nsec-aggressiveuse/

IESG discussion can be tracked via
https://datatracker.ietf.org/doc/draft-ietf-dnsop-nsec-aggressiveuse/ballot/


No IPR declarations have been submitted directly on this I-D.


The document contains these normative downward references.
See RFC 3967 for additional information: 
    rfc6982: Improving Awareness of Running Code: The Implementation Status Section (Experimental - IETF stream)
    draft-fujiwara-dnsop-nsec-aggressiveuse: Aggressive use of NSEC/NSEC3 (None - IETF stream)
    rfc7129: Authenticated Denial of Existence in the DNS (Informational - Independent Submission Editor stream)
    rfc7719: DNS Terminology (Informational - IETF stream)
Note that some of these references may already be listed in the acceptable Downref Registry.




