idnits 2.17.00 (12 Aug 2021)

/tmp/idnits36315/draft-wkumari-dnsop-cheese-shop-00.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (October 8, 2015) is 2417 days in the past.  Is this
     intentional?

  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

  == Outdated reference: A later version (-03) exists of
     draft-fujiwara-dnsop-nsec-aggressiveuse-01

     Summary: 0 errors (**), 0 flaws (~~), 2 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Network Working Group                                          W. Kumari
Internet-Draft                                                    Google
Intended status: Informational                                 G. Huston
Expires: April 10, 2016                                            APNIC
                                                         October 8, 2015


                 Believing NSEC records in the DNS root.
                   draft-wkumari-dnsop-cheese-shop-00

Abstract

   This document cuts down on junk queries to the DNS root and improves
   performance by answering queries locally from compliant resolvers.
   It does this by actually believing the NSEC responses.

   [ Ed note: Text inside square brackets ([]) is additional background
   information, answers to frequently asked questions, general musings,
   etc.  They will be removed before publication.]

   [ This document is being collaborated on in Github at:
   https://github.com/wkumari/draft-wkumari-dnsop-cheese-shop.  The most
   recent version of the document, open issues, etc. should all be
   available here.  The authors (gratefully) accept pull requests ]

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on April 10, 2016.

Copyright Notice

   Copyright (c) 2015 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Background
   2.  Believing NSEC records.
     2.1.  Requirements notation
   3.  IANA Considerations
   4.  Security Considerations
   5.  Acknowledgements
   6.  References
     6.1.  Normative References
     6.2.  Informative References
   Appendix A.  Changes / Author Notes.
   Authors' Addresses

1.  Background

   [ This section may be removed before publication... but I'd prefer
   not, it provides useful context ]

   The title of this draft (draft-wkumari-dnsop-cheese-shop) comes from
   a famous Monty Python skit - "The Cheese Shop".  Knowledge of the
   skit is mandatory background knowledge for this document...

   Video here: https://www.youtube.com/watch?v=PPN3KTtrnZM

2.  Believing NSEC records.

   This is simply a refinement of
   [I-D.fujiwara-dnsop-nsec-aggressiveuse], for a limited use case.
   Full credit to the authors of the aforementioned draft, and this
   draft does not replace that draft, nor remove the need for the
   broader consideration of the use of NSEC records as described in
   [I-D.fujiwara-dnsop-nsec-aggressiveuse].

   The scope of this document is addressed specifically to recursive
   validating resolvers when querying the root zone.

   If the (DNSSEC validated) answer to a query to a root server is an
   NXDOMAIN then the resolver SHOULD cache the NSEC record provided in
   the response.  The resolver should NOT send further queries for names
   within the range of the NSEC record for the lifetime of the cached
   NSEC TTL.  Instead, the resolver SHOULD answer these queries directly
   with NXDOMAIN (and NSEC records if so signalled by EDNS).  They
   SHOULD set the AA and AD bits.

2.1.  Requirements notation

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

3.  IANA Considerations

   This document contains no IANA considerations.

   [ We MAY want to add something about setting the NSEC TTL
   appropriately?! ]

4.  Security Considerations

   TODO: Fill this out!

5.  Acknowledgements

   The authors wish to thank some folk.

6.  References

6.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/
              RFC2119, March 1997.

6.2.  Informative References

   [I-D.fujiwara-dnsop-nsec-aggressiveuse]
              Fujiwara, K. and A. Kato, "Aggressive use of NSEC/NSEC3",
              draft-fujiwara-dnsop-nsec-aggressiveuse-01 (work in
              progress), July 2015.

Appendix A.  Changes / Author Notes.

   [RFC Editor: Please remove this section before publication ]

   From -00 to -01.

   o  Nothing changed in the template!

Authors' Addresses

   Warren Kumari
   Google
   1600 Amphitheatre Parkway
   Mountain View, CA 94043
   US

   Email: warren@kumari.net


   Geoff Huston
   APNIC
   6 Cordelia St
   South Brisbane QLD 4001
   AUS

   Email: gih@apnic.net
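
   The resolver behaviour in Section 2 (cache a validated NSEC, then
   answer names inside its range locally until the TTL expires) can be
   sketched as follows.  This is an added example, not part of the
   draft; canon_key and RootNsecCache are hypothetical names, and the
   refusal to answer for names below a delegation owner goes beyond
   what the draft's text states.

```python
import bisect

def canon_key(name):
    """RFC 4034 section 6.1 order: lowercase labels, rightmost label first."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return tuple(l.encode("ascii") for l in reversed(labels))

class RootNsecCache:
    """NSEC ranges learned from DNSSEC-validated root NXDOMAIN responses."""

    def __init__(self):
        self._ranges = []  # sorted (owner_key, next_key, expires_at)

    def add(self, owner, next_name, ttl, now):
        # Assumption: the caller already validated the NSEC and its RRSIG.
        entry = (canon_key(owner), canon_key(next_name), now + ttl)
        self._ranges = [r for r in self._ranges if r[0] != entry[0]]
        bisect.insort(self._ranges, entry)

    def covers(self, qname, now):
        """True if a live cached NSEC proves qname is absent from the root."""
        q = canon_key(qname)
        i = bisect.bisect_left(self._ranges, (q,)) - 1  # last owner < q
        if i < 0:
            return False  # nothing cached before q: ask a root server
        owner, nxt, expires = self._ranges[i]
        if now >= expires:
            return False  # NSEC TTL ran out: ask a root server
        if owner and q[:len(owner)] == owner:
            return False  # q is below a delegation; the NSEC says nothing
        # An empty next key is the apex: the last NSEC wraps to the root.
        return owner < q and (nxt == () or q < nxt)

def demo():
    # Constructed sample ranges, not copied from the real root zone.
    cache = RootNsecCache()
    cache.add("loans.", "locker.", ttl=86400, now=0)
    cache.add("zw.", ".", ttl=86400, now=0)
    names = ["cheese-shop.LOCAL.", "www.loans.", "locker.", "zzz."]
    return {n: cache.covers(n, now=10) for n in names}

if __name__ == "__main__":
    for name, local in demo().items():
        print(name, "NXDOMAIN from cache" if local else "send to root")
```

   Only names for which covers() returns True are answered locally with
   NXDOMAIN; everything else is still sent to a root server.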