I'd rather you keep it [positive answers]
+1
Keep the positive, rather than writing a separate RFC for that later.
Why not, but in that case, this would send back the document for
several weeks, since the text about positive answers in -02 was very
limited and unclear (dropping it, like -03 did, is easier).
It is not just a matter of "keeping positive answers", it is a matter
of "seriously studying the case of positive answers, which was
neglected in the previous discussions".
It still seems to me that the time to add the wildcards back in would be
less than the time to do two separate documents. Unless there's some
reason that this needs to be published in a hurry, I'd rather get to a
point where we agree that wildcard synthesis is OK.
Having looked at this probably more than most people, there are some
points worth clarifying. Most notably, due to the closest encloser rule,
it is not possible in general to synthesize every wildcard result but I
think it's possible to synthesize many useful ones.
For example, let's say you query a.foo.example, and get back an answer
saying it was synthesized from *.foo.example and the NSEC says the next
name is c.foo.example. Then you can synthesize b.foo.example, but you
can't synthesize d.foo.example. That's a limitation, but that's OK. It
looks to me like most of the wildcards where this would be useful have no
exceptions, such as the ones to put all of an IPv6 /64 into a DNS whitelist
or blacklist.
Regards,
John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
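
The a/b/c/d.foo.example case from the message above, as an added example that is not part of the original e-mail or of any draft text. The function names are hypothetical, and the NSEC owner name `*.foo.example` is an assumption (the message gives only the next name); the check also goes a little beyond the message by handling names several labels below the wildcard and empty non-terminals.

```python
def labels(name):
    """Canonical sort key (RFC 4034 section 6.1): lowercased labels, rightmost first."""
    return [l.encode("ascii") for l in reversed(name.rstrip(".").lower().split("."))]

def is_subdomain(name, parent):
    """True if name is equal to or below parent."""
    n, p = labels(name), labels(parent)
    return n[:len(p)] == p

def nsec_covers(owner, nxt, name):
    """True if the NSEC record (owner -> nxt) proves that name does not exist."""
    o, x, n = labels(owner), labels(nxt), labels(name)
    if o < x:
        return o < n < x
    return n > o or n < x  # the last NSEC in a zone wraps back to the apex

def can_synthesize(qname, wildcard, nsec_owner, nsec_next):
    """Decide whether a cached answer expanded from `wildcard` may be reused
    for qname, given one cached (and already validated) NSEC record."""
    if not wildcard.startswith("*."):
        raise ValueError("not a wildcard owner name")
    q, e = labels(qname), labels(wildcard[2:])
    if len(q) <= len(e) or q[:len(e)] != e:
        return False  # qname is not below the wildcard's parent
    # Next closer name: the wildcard's parent plus one more label of qname.
    # Proving it absent proves the wildcard's parent is the closest encloser.
    next_closer = ".".join(qname.rstrip(".").split(".")[-(len(e) + 1):])
    if not nsec_covers(nsec_owner, nsec_next, next_closer):
        return False
    # If the NSEC's next name sits below the next closer name, that name
    # exists as an empty non-terminal and the wildcard does not apply.
    return not is_subdomain(nsec_next, next_closer)

if __name__ == "__main__":
    # Constructed sample: NSEC owner *.foo.example (assumed), next c.foo.example.
    for q in ("b.foo.example", "d.foo.example", "x.b.foo.example"):
        ok = can_synthesize(q, "*.foo.example", "*.foo.example", "c.foo.example")
        print(q, "synthesize" if ok else "must query upstream")
```
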