Ray Bellis wrote:
On 30/01/2018 18:59, Andrew Sullivan wrote:
Because of that same section, also, signing the answer should also not
be controversial because the answer is static. My preference,
however, would be for the root servers to REFUSE to answer such
queries.
Won't that cause the resolver to cycle through every root server letter
hoping for one that doesn't give that answer?
yes. that's what REFUSED is taken to mean, and also, why we never use it
for data-dependent conditions. only the initiator's identity matters in
the consideration of whether to transmit REFUSED or not.
--
P Vixie
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
