At Thu, 11 Jan 2018 11:29:20 -0800, Ólafur Guðmundsson <ola...@cloudflare.com> wrote:
> > > In the spirit of being helpful to recursive resolvers the right answer > > IMHO > > > is the referral from the > > > zone above the query name. > > > > I'm not sure if I understand you so please let me be more explicit. > > Are you talking about the so-called grandparent problem case, like the > > case of this thread? > > yes Okay, then, I don't think this is correct: >> I hate having my own RFC thrown at me, >> but it may or may not apply as there is another corner case that I/WG did >> not consider, in that you should have considered it at the time of drafting RFC3658 (Section 2.2.1.2.). And, at the risk stating something too obvious to you, my understanding of the rationale of the RFC is that: when a server authoritative for root-servers.net. and for . , but not for net receives a query for root-servers.net/DS and if it returns a referral to net, a non-DNSSEC-aware resolver can consider it a lame delegation, since the resolver may think it already reaches the root-servers.net zone but see a referral higher than that. This makes sense to me. Now, given you should already well understand it, perhaps you mean this case should be considered too minor and it's better to make DNSSEC-aware resolvers happier at the cost of making older resolvers suffer from false-lame? If so, I see it's worth discussing. But IMO that would be far beyond the scope of an errata (as this thread originally suggests) - it should be discussed in a scope of some official bis specification. -- JINMEI, Tatuya _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
