Thank you so much for your review, Miek!
Sincerely,
-Alex
On Thu, Mar 16, 2023 at 2:35 PM Miek Gieben <miek@xxxxxxx> wrote:
[ Quoting <achernya@xxxxxxxxxx> in "Re: Dnsdir last call review of draf..." ]
>> Should the IP proxy care about the TTL of the looked up name?
>
>I believe the answer to this one should be "no". It is fairly well established
>that clients are permitted to have long-running connections that exceed the DNS
>TTL, and that is something that DNS-based load balancers have to handle. HTTP/2
>(RFC 9113) made HTTP connections much longer-lived, and I don't see any
>discussion of TTLs there. Implementations are, of course, free to consult the
>TTL and reconnect more frequently, but I don't think that is something that we
>need to require in this draft, as ultimately TTLs only control DNS caching.
I've figured that much, but thank you for clarifying.
>> Should the IP Proxy do a DNSSEC lookup or a plain DNS lookup
>
>I believe this is another area where the proxy should use the system
>configuration. If the local resolver respects DNSSEC, then the proxy would also
>respect DNSSEC. It is certainly an interesting potential future extension to be
>considered to allow clients to ask the proxy to require DNSSEC for DNS
>resolution, but not something I think we need to address in the base draft.
Yep, that makes sense and I agree this doesn't need extra wording in the current draft.
Then from the dnsdir perspective this doc is ready.
Cheers,
Miek