On Tue, Mar 28, 2017 at 10:47:02PM -0500, John R Levine wrote: > That's exactly the problem -- a server that doesn't handle BULK will > return the wrong answer. It might return the BULK record itself or > NXDOMAIN for an address that BULK would synthesize.
And, if the zone is signed, it'll be provably wrong. I don't think it's enough to handwave the problem as "not of great concern". At least, please add some operational advice that BULK is not to be deployed in any domain unless all auth servers for that domain fully implement it. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop