On Wed, Feb 11, 2015 at 03:44:31PM +0100, Pier Carlo Chiodi wrote:
> >Wild idea: Could it be solved by adding more information to SERVFAIL
> >answer?
>
> a draft was proposed with this very topic, but it's expired now:
>
> https://datatracker.ietf.org/doc/draft-hunt-dns-server-diagnostics/

I'd be happy to revive it, especially now that it's explicitly within dnsop's remit. I don't recall anyone objecting to the idea; it just wasn't high-urgency and I had other business to attend to.

It's important that diagnostic signaling only be used for human troubleshooting purposes and not as input to a policy decision, such as "ignore DNSSEC failures due to expired signatures" or something, because the diagnostic messages would be trivial to spoof.

--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop