On Thu, 09 Jul 2009, Livingood, Jason wrote:
> I submitted this draft, which you can find at
> http://tools.ietf.org/html/draft-livingood-dns-redirect-00, before
> the -00 cutoff on Monday, and it will be discussed in the DNSOP WG
> meeting at IETF 75 (it is listed on the agenda).

I think that this sort of lying recursive resolver is a bad idea.
Instead, I suggest a new "SUGGESTION" RR type that could be returned
in the additional section of an error message.  For example, if
you ask for www.example.invalid, you could get back an NXDOMAIN
error, with "SUGGESTION URL=http://10.2.3.4/www.example.invalid"
in the additional section, and if you ask for censored.example.
you could get back a SERVFAIL response with "SUGGESTION
URL=http://10.2.3.4/why-we-censor.html" in the additional section.

Clients who want to follow such suggestions can then do so, without
harming clients who don't want to be lied to.

--apb (Alan Barrett)
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
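
An added example, not part of the original message or of any draft: a sketch of the proposal above, in which a resolver returns an honest error rcode with a SUGGESTION record in the additional section and only an opted-in client reads it. The type code 65280 (from the private-use RR range) and the ASCII `URL=...` RDATA layout are assumptions, since the message defines no wire format.

```python
import struct

SUGGESTION = 65280  # assumption: private-use RR type code; the proposal assigns none
NXDOMAIN, SERVFAIL = 3, 2

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in the root label."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_response(qname, rcode, suggestion):
    """Constructed sample: error response with one SUGGESTION RR in the additional section."""
    flags = 0x8180 | rcode                         # QR=1, RD=1, RA=1, plus the real rcode
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 1)
    question = encode_name(qname) + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN
    rdata = suggestion.encode("ascii")             # assumed RDATA layout: plain ASCII text
    rr = b"\xc0\x0c" + struct.pack("!HHIH", SUGGESTION, 1, 0, len(rdata)) + rdata
    return header + question + rr                  # owner name is a pointer to the qname

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:                       # compression pointer is two bytes
            return off + 2
        off += 1 + n

def parse(msg, follow_suggestions=False):
    """Return (rcode, suggestions). The rcode is never altered by a suggestion."""
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    rcode, off, suggestions = flags & 0x000F, 12, []
    for _ in range(qd):
        off = skip_name(msg, off) + 4              # skip QTYPE and QCLASS
    for i in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata = msg[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        # Only records in the additional section count, and only for opted-in clients.
        if follow_suggestions and i >= an + ns and rtype == SUGGESTION:
            suggestions.append(rdata.decode("ascii"))
    return rcode, suggestions
```

A client that ignores the record still sees the unmodified NXDOMAIN or SERVFAIL, and a client that reads it should treat the URL as unauthenticated data.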
