Reviewer: Ines Robles Review result: Ready with Nits I am the assigned Gen-ART reviewer for this draft. The General Area Review Team (Gen-ART) reviews all IETF documents being processed by the IESG for the IETF Chair. Please treat these comments just like any other last call comments. For more information, please see the FAQ at <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>. Document: draft-ietf-dnsop-7706bis-07 Reviewer: Ines Robles Review Date: 2020-02-28 IETF LC End Date: 2020-02-28 IESG Telechat date: Not scheduled for a telechat Summary: The document is well written, it supplies appendixes with examples. This document describes a method for the operator of a recursive resolver to have a complete root zone locally, and to hide queries for the root zone from outsiders, at the cost of adding some operational fragility for the operator. I have some minor questions. Major issues: None Minor issues: None. Nits/editorial comments: 1- Appendix B.5: it seems that the link is not valid: <https://knot- resolver.readthedocs.io/en/stable/modules.html#root-on-loopback-rfc- 7706> This link worked for me: https://knot-resolver.readthedocs.io/en/stable/modules-rfc7706.html. Questions: 1- It seems that this document replaces RFC7706, but the document states that it updates RFC7706, is that correct? 2- Abstract: "The cost of adding some operational fragility for the operator", Does it introduce security considerations that have to be mentioned? 3- Section 1: "Research shows that the vast majority of queries going to the root are for names that do not exist in the root zone." - Do you have some references to that research that can be added to the draft? 4- I would expand KSK to Key signing key (KSK). 5- Should this draft add a reference to rfc8499? Thank you for this document, Ines. -- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call