On Sun, Mar 8, 2015 at 2:55 PM, Brian Dickson <brian.peter.dick...@gmail.com > wrote:
> Hey, everyone,
> [snip]
> "dig"-friendly.
>

Okay, thinking about this a bit more...

Recursive vs authoritative, RD=0 vs RD=1.

In all combinations of the above, do the "new thing", except for one corner case:

    if(RD==1 && I_AM_AUTHORITY) then do_ANY

(Which happens to be the default if someone uses "dig" against an auth server).

I'm pretty sure this qualifies as "leaks nothing".

This stops clients asking recursives for ANY, and stops recursives asking authorities for ANY (with RD=0).

And, FWIW, I like the noerror/nodata answer.

Brian
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
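
The corner case from the message above, written out as an added example (not part of the original post and not code from any DNS server): it reads the RD bit and QTYPE from a query in wire format and applies the rule to all four role/RD combinations. The function names, the `"new_thing"` label (the visible text does not define what the "new thing" is) and the sample queries are assumptions.

```python
import struct

QTYPE_ANY = 255    # QTYPE "*" (ANY) from RFC 1035
RD_MASK = 0x0100   # Recursion Desired bit in the header flags word
QR_MASK = 0x8000   # set on responses, clear on queries

def build_query(name, qtype, rd):
    """Build a one-question DNS query (constructed sample input only)."""
    header = struct.pack("!HHHHHH", 0x1234, RD_MASK if rd else 0, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii")
                     for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def parse_query(msg):
    """Return (rd, qtype) for a single-question query in wire format."""
    if len(msg) < 12:
        raise ValueError("short header")
    _id, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if flags & QR_MASK or qdcount != 1:
        raise ValueError("not a single-question query")
    pos = 12
    while True:                      # walk the QNAME labels
        if pos >= len(msg):
            raise ValueError("truncated QNAME")
        length = msg[pos]
        if length & 0xC0:
            raise ValueError("unexpected pointer in question")
        pos += 1 + length
        if length == 0:
            break
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return bool(flags & RD_MASK), qtype

def any_policy(msg, i_am_authority):
    """Apply the rule from the message: full ANY only for RD=1 at an authority."""
    rd, qtype = parse_query(msg)
    if qtype != QTYPE_ANY:
        return "normal"
    if rd and i_am_authority:
        return "do_ANY"        # the corner case, e.g. default dig at an auth server
    return "new_thing"         # placeholder: behaviour not defined in the visible text

if __name__ == "__main__":
    for authority in (True, False):
        for rd in (True, False):
            q = build_query("example.com", QTYPE_ANY, rd)
            print(f"authority={authority} RD={int(rd)} ->", any_policy(q, authority))
```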