On Mar 6, 2015, at 1:20 PM, Paul Vixie <p...@redbarn.org<mailto:p...@redbarn.org>> wrote:
i now realize that the draft should cover "meta queries" in general, including RD=0 to a recursive server, AXFR and IXFR, and ANY of course, and whatever else we can come up with. and the recommendation should be to place these query types behind some access control mechanism, to prevent them from being used in normal DNS operations, but to support their use for diagnostic or other close-relationship activities (zone transfers). While I agree with this idea, I wonder if from a clarity of deployment point of view, as well as a speed point of view, it would be easier to divide this into two different documents: 1. Deprecate the ANY query 2. “Meta queries” should be behind some access control mechanism Is there anyone arguing that the ANY query should still be around? Or can we agree that ANY is now a query that has outlived its usefulness and needs to fade away? I say that because I think if we agree ANY should go, we should be extremely clear about that and, as Simon said, break ANY significantly so that people stop relying on it and stop supporting it in DNS clients and applications. Get rid of it. And provide that guidance in an extremely simple and clear manner. (Realizing, of course, that all we can do is make the recommendation and encourage operators and app developers to follow that recommendation.) Separately, we can also provide guidance that other meta queries should be put behind some kind of access control mechanism. My worry about grouping ANY with the other meta queries is that it may indicate to people that it is still okay to implement the ANY query. My 2 cents, Dan -- Dan York Senior Content Strategist, Internet Society y...@isoc.org<mailto:y...@isoc.org> +1-802-735-1624 Jabber: y...@jabber.isoc.org<mailto:y...@jabber.isoc.org> Skype: danyork http://twitter.com/danyork http://www.internetsociety.org/deploy360/
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
