Re: [Last-Call] Dnsdir last call review of draft-ietf-masque-connect-ip-08

[ Quoting <achernya@xxxxxxxxxx> in "Re: Dnsdir last call review of draf..." ]
> > Should the IP proxy care about the TTL of the looked up name?
>
> I believe the answer to this one should be "no". It is fairly well established
> that clients are permitted to have long-running connections that exceed the DNS
> TTL, and that is something that DNS-based load balancers have to handle. HTTP/2
> (RFC 9113) made HTTP connections much longer-lived, and I don't see any
> discussion of TTLs there. Implementations are, of course, free to consult the
> TTL and reconnect more frequently, but I don't think that is something that we
> need to require in this draft, as ultimately TTLs only control DNS caching.

I've figured that much, but thank you for clarifying.

> > Should the IP Proxy do a DNSSEC lookup or a plain DNS lookup?
>
> I believe this is another area where the proxy should use the system
> configuration. If the local resolver respects DNSSEC, then the proxy would also
> respect DNSSEC. It is certainly an interesting potential future extension to be
> considered to allow clients to ask the proxy to require DNSSEC for DNS
> resolution, but not something I think we need to address in the base draft.

Yep, that makes sense and I agree this doesn't need extra wording in the current draft.

Then from the dnsdir perspective this doc is ready.

Cheers,
Miek

--
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call



