Created
April 26, 2020 11:05
-
-
Save Habbie/1fe11d411a520599be82da2fa87c7ec1 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
diff --git a/draft-vandijk-dprive-ds-dot-signal-and-pin/draft-vandijk-dprive-ds-dot-signal-and-pin.md b/draft-vandijk-dprive-ds-dot-signal-and-pin/draft-vandijk-dprive-ds-dot-signal-and-pin.md | |
index f3e7770..918e5d3 100644 | |
--- a/draft-vandijk-dprive-ds-dot-signal-and-pin/draft-vandijk-dprive-ds-dot-signal-and-pin.md | |
+++ b/draft-vandijk-dprive-ds-dot-signal-and-pin/draft-vandijk-dprive-ds-dot-signal-and-pin.md | |
@@ -98,13 +98,21 @@ The pseudo DNSKEY type can be used in CDNSKEY and CDS, as defined in RFC7344, re | |
# Implementation | |
The subsection titles in this section attempt to follow the terminology from [@RFC8499] in as far as it has suitable terms. | |
+'Implementation' is understood to mean both 'code changes' and 'operational changes' here. | |
## Authoritative server changes | |
+This specification defines no changes to query processing in authoritative servers. | |
+ | |
+If DoT-signaling DS records are published for a zone, all name servers for the zone (from both the parent-side and child-side NS RRsets) SHOULD offer DoT service on port 853, and when they do, they SHOULD do so using keys present in the DS RRset. | |
+If, for some reason (such as a domain being hosted by two operators, one of which does not offer DoT), some of the name servers for the domain cannot offer DoT, those name servers MUST fail swiftly when a connection to tcp/853 is attempted, by providing a TCP RST. | |
+ | |
## Validating resolver changes | |
## Stub resolver changes | |
+This specification defines no changes to stub resolvers. | |
+ | |
## Zone validator changes | |
## Domain registry changes |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment