Doug Barton <do...@dougbarton.us> writes:

> On 06/04/10 19:40, Paul Vixie wrote:
>> ...
>>
>> unless a new IETF RFC comes along and disambiguates the meaning of "DO"
>> such that it's only to be set if the requestor thinks it has a
>> reasonable shot at validating the resulting metadata, i expect BIND to
>> keep setting "DO" on all EDNS requests it generates. and i don't think
>> you can make a _public benefit_ argument that this is wrong even though
>> there are _private benefit_ arguments.
>
> ...
>
> With my business hat on though I can see at least 2 possible use cases for
> DO=0. The first being related to this thread, "I can't/won't fix/remove the
> firewall today, I just want my resolver to work."

it works. it's just slower because it has to fall back. this is one of
the reasons we fall back to BUFSIZE=512 before falling all the way back to
DNS (that is, turning EDNS off altogether.)

> The hapless user in that spot is either going to use another vendor, or
> go back to the old version of BIND that "works." I know market share
> isn't a _primary_ concern for BIND, but I would argue that the "go back
> to old version" answer to this dilemma is something that we should all be
> concerned about.

that's been *very* rare on this point. ISC is concerned about relevance,
since we don't want to develop stuff that folks don't want to use. that's
*not* happening en masse in this case.

> ...
>
> In all fairness, I don't have any actual clients telling me that DO=1 is
> a problem for them, this is pure speculation on my part; ...

yes, i know that, because i'd see the other side of it if it was going on.

--
Paul Vixie
KI6YSY
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users