Joe Abley <jab...@hopcount.ca> wrote: > > If anybody else here has thoughts about specific text or violent > objections to including QTYPE=RRSIG in general, please let me know (I > looked in the mail archive but couldn't find any there).
I think it's helpful to mention RRSIG explicitly since it isn't immediately obvious that it's a stealth ANY query. (It becomes apparent to implementers fairly rapidly tho!) > As we discuss (see Stephane's points) in the case of multiple > transports, perhaps we can also recommend that implementors provide > configuration options to allow administrators to deal with ANY, RRSIG, > neither or both. That way we get flexibility that matches deployment, > but we also get a reference for handling RRSIG in a predictable way. I think the draft should recommend a simple on/off switch and describe sensible behaviour when it is on. Mainly because I think we know what that sensible behaviour is, and I don't think it's a big enough feature to deserve a lot of configuration and documentation complexity. Having said that, the initiator side (section 5) needs a bit of work. Something like, ANY queries SHOULD be sent using the same choice of transport as other queries (typically, try UDP first, and only use TCP if the response is truncated). As an exception, debugging and diagnostics tools MAY have a special case for ANY queries. (bleeding-edge versions of `dig` use TCP for ANY) Tony. -- f.anthony.n.finch <d...@dotat.at> http://dotat.at/ - I xn--zr8h punycode Bailey: East becoming cyclonic, 6 to gale 8. Moderate or rough, becoming rough or very rough. Rain or showers. Good, occasionally poor. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
