Thanks, Duane!

Barry

On Wed, Aug 9, 2023 at 5:14 PM Wessels, Duane <dwessels@xxxxxxxxxxxx> wrote:
>
> Thanks Barry for the good feedback. I've updated our source document with the changes you've suggested.
>
> DW
>
> On 8/9/23, 1:10 PM, "Barry Leiba via Datatracker" <noreply@xxxxxxxx> wrote:
>
> Reviewer: Barry Leiba
> Review result: Ready with Nits
>
> Thanks for a well-written document. I found the background information in
> Section 1.1 to be particularly interesting. Just a couple of very small
> editorial points there:
>
> operating system vendor was providing non-root trust anchors to the
> recursive resolver, which became out-of-date following the rollover.
>
> Nit: This use of “out of date” should not be hyphenated, as it’s not directly
> modifying anything (“out-of-date trust anchors” would be hyphenated, but “the
> trust anchors are out of date” would not be).
>
> In 2021, Verisign researchers used botnet query traffic to
> demonstrate that certain large, public recursive DNS services exhibit
> very high query rates when all authoritative name servers for a zone
> return REFUSED or SERVFAIL [botnet]. When configured normally, query
> rates for a single botnet domain averaged approximately 50 queries
> per second. However, when configured to return SERVFAIL, the query
> rate increased to 60,000 per second.
>
> In the two “when configured” phrases it’s not clear what was configured,
> normally and otherwise. Taken as written, it’s “query rates”, but those are
> clearly not things that get configured. In trying to figure out what you *are*
> referring to, I find that a reader could infer either “public recursive DNS
> services” or “authoritative name servers”. Let’s not make readers work that
> hard:
>
> NEW
> In 2021, Verisign researchers used botnet query traffic to
> demonstrate that certain large, public recursive DNS services exhibit
> very high query rates when all authoritative name servers for a zone
> return REFUSED or SERVFAIL [botnet]. When the authoritative servers
> were configured normally, query rates for a single botnet domain
> averaged approximately 50 queries per second. However, with the
> servers configured to return SERVFAIL, the query rate increased to
> 60,000 per second.
> END
>
> I have no other comments on the document, and I think it's ready to go.
>

--
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call