On Sun, Feb 7, 2016 at 2:16 PM, Tony Finch <d...@dotat.at> wrote: > Another question: > > In order to minimize responses even further, I have made my code omit or > include signature records depending on whether DO=0 or DO=1. That is, and > ANY query with DO=0 gets one arbitrary unsigned RRset in response, and an > ANY query with DO=1 gets one arbitrary signed RRset. > > Is this sensible, and if do should it be suggested by the draft? > > Tony: the draft says right now:
A DNS responder which receives an ANY query MAY decline to provide a conventional response, and MAY instead send a response with a single RRSet in the answer section. The RRSet returned in the answer section of the response MAY be a single RRSet owned by the name specified in the QNAME. Where multiple RRSets exist, the responder MAY choose a small one to reduce its amplification potential. Is that not sufficient ? Olafur
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
