With full realization that this is coming very late in the game, we had a
great deal of internal conversation within Dyn about implementing
refuse-any, and came away unsatisfied with both the "subset" and "HINFO"
approaches—the latter because of reasons that have already been covered,
and the former for lacking in-band signaling of non-"conventional"
incompleteness to aid legitimate use.

I believe there is sufficient cause to reserve a new OPT record EDNS header
flag bit
<http://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-13>
for indicating "partial response" (as distinct from "truncation"). It will
be safely ignored by current clients, but convey the desired information to
those in the know.

P.S. Our discussion also raised some more minor points:

   - Insisting that the HINFO OS field SHOULD be empty ("set to the null
   string") seems a little too strong; there's room in it for (and value
   from) a short explanation (e.g., cloudflare.com. 3789 IN HINFO "Please
   stop asking for ANY" "See draft-ietf-dnsop-refuse-any"). I'd prefer text
   like "The OS field of the HINFO RDATA SHOULD be short to minimize the size
   of the response, and MAY be empty or MAY include a summarized
   description of local policy."
   - "Conventional [ANY] response" is used but not defined.
   - "ANY does not mean ALL" is misleading—RFC 1035
   <https://tools.ietf.org/html/rfc1035#section-3.2.3> is clear about
   QTYPE=255 being "a request for *all* records" (emphasis mine). That
   said, the proposed *response* behavior is consistent with that RFC.


On Thu, Feb 9, 2017 at 12:56 AM, <internet-dra...@ietf.org> wrote:

>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the Domain Name System Operations of the IETF.
>
>         Title           : Providing Minimal-Sized Responses to DNS Queries that have QTYPE=ANY
>         Authors         : Joe Abley
>                           Olafur Gudmundsson
>                           Marek Majkowski
>         Filename        : draft-ietf-dnsop-refuse-any-04.txt
>         Pages           : 10
>         Date            : 2017-02-08
>
> Abstract:
>    The Domain Name System (DNS) specifies a query type (QTYPE) "ANY".
>    The operator of an authoritative DNS server might choose not to
>    respond to such queries for reasons of local policy, motivated by
>    security, performance or other reasons.
>
>    The DNS specification does not include specific guidance for the
>    behaviour of DNS servers or clients in this situation.  This document
>    aims to provide such guidance.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-dnsop-refuse-any/
>
> There's also a htmlized version available at:
> https://tools.ietf.org/html/draft-ietf-dnsop-refuse-any-04
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-dnsop-refuse-any-04
>
>
> Please note that it may take a couple of minutes from the time of
> submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
>
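To make the two signalling mechanisms discussed in the post concrete, here is an added Python example (not code from the poster, Dyn, or the draft authors) that builds and parses the EDNS(0) OPT pseudo-RR with a hypothetical "partial response" flag bit, encodes and decodes the HINFO RDATA from the post's cloudflare.com example, and shows how a resolver could classify an ANY response as conventional, HINFO-refused, or flagged as partial. The flag value `EDNS_FLAG_PARTIAL` is a placeholder for a bit that would have to be assigned by IANA; it is not an existing registry entry.

```python
import struct

EDNS_FLAG_DO = 0x8000       # the only extended flag currently assigned (RFC 6891)
EDNS_FLAG_PARTIAL = 0x4000  # PLACEHOLDER for the proposed "partial response" bit (unassigned)
TYPE_OPT, TYPE_HINFO = 41, 13

def build_opt_rr(udp_size=4096, flags=0):
    """Wire-format OPT RR: root name, TYPE 41, CLASS = UDP payload size,
    TTL = extended RCODE (8) | EDNS version (8) | flags (16), empty RDATA."""
    ttl = (0 << 24) | (0 << 16) | (flags & 0xFFFF)
    return b"\x00" + struct.pack("!HHIH", TYPE_OPT, udp_size, ttl, 0)

def parse_opt_rr(rr):
    """Return (udp_size, ext_rcode, version, flags) from a wire-format OPT RR."""
    if rr[0] != 0:
        raise ValueError("OPT owner name must be the root")
    rtype, udp_size, ttl, _rdlen = struct.unpack("!HHIH", rr[1:11])
    if rtype != TYPE_OPT:
        raise ValueError("not an OPT RR")
    return udp_size, ttl >> 24, (ttl >> 16) & 0xFF, ttl & 0xFFFF

def is_partial_response(opt_rr):
    """True when the (placeholder) partial-response flag is set in the OPT RR."""
    return bool(parse_opt_rr(opt_rr)[3] & EDNS_FLAG_PARTIAL)

def build_hinfo_rdata(cpu, os):
    """HINFO RDATA is two <character-string>s (RFC 1035 3.3.2): length byte + bytes."""
    out = b""
    for s in (cpu, os):
        b = s.encode("ascii")
        if len(b) > 255:
            raise ValueError("character-string exceeds 255 octets")
        out += bytes([len(b)]) + b
    return out

def parse_hinfo_rdata(rdata):
    """Decode HINFO RDATA into (cpu, os); rejects trailing garbage."""
    fields, pos = [], 0
    for _ in range(2):
        n = rdata[pos]; pos += 1
        fields.append(rdata[pos:pos + n].decode("ascii")); pos += n
    if pos != len(rdata):
        raise ValueError("trailing octets in HINFO RDATA")
    return tuple(fields)

def classify_any_response(answer_rrs, opt_rr=None):
    """Resolver-side check on a QTYPE=ANY answer section (list of (rtype, rdata)):
    'partial' if the OPT flag is set, 'hinfo-refusal' if the answer is a single
    HINFO RR (the draft's convention), otherwise 'conventional'."""
    if opt_rr is not None and is_partial_response(opt_rr):
        return "partial"
    if len(answer_rrs) == 1 and answer_rrs[0][0] == TYPE_HINFO:
        return "hinfo-refusal"
    return "conventional"
```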