On 02/07/2018 15:39, Paul Wouters wrote:

> If you are trusting an unsigned A record in the answer section, you might
> as well trust the unsigned AAAA record in the additional section too.
>
> I think minimum responses should still always just include this.

As others have pointed out, the problem is that if you don't get the AAAA you can't be sure it doesn't exist (unless there's also an NSEC record proving it).

I've just refreshed my multi-qtypes draft because it was about to expire anyway, but also because it does include signalling to allow the client to differentiate between a second QTYPE that doesn't exist vs one that the server just doesn't have right now.

Ray

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
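
Added example, not part of the original message or of any draft: a resolver-side sketch of the three outcomes discussed above for an AAAA that may ride along with an A answer, decoding the NSEC Type Bit Maps field (RFC 4034, section 4.1.2). The function names, the sample bitmaps and the assumption that NSEC signatures were already validated elsewhere are all hypothetical.

```python
# Constructed sample data; RRSIG validation of the NSEC is assumed done elsewhere.
A, AAAA, RRSIG, NSEC = 1, 28, 46, 47

# Constructed NSEC type bitmaps, window block 0, 6 bitmap bytes each.
NO_AAAA = bytes.fromhex("0006400000000003")    # A, RRSIG, NSEC
WITH_AAAA = bytes.fromhex("0006400000080003")  # A, AAAA, RRSIG, NSEC


def nsec_types(bitmap):
    """Decode an NSEC Type Bit Maps field into a set of RR type numbers."""
    types, i = set(), 0
    while i < len(bitmap):
        if i + 2 > len(bitmap):
            raise ValueError("truncated window header")
        window, length = bitmap[i], bitmap[i + 1]
        if not 1 <= length <= 32 or i + 2 + length > len(bitmap):
            raise ValueError("bad bitmap length")
        for offset, byte in enumerate(bitmap[i + 2:i + 2 + length]):
            for bit in range(8):
                if byte & (0x80 >> bit):  # bit 0 is the most significant bit
                    types.add(window * 256 + offset * 8 + bit)
        i += 2 + length
    return types


def aaaa_status(qname, additional, validated_nsec):
    """Classify AAAA at qname as 'present', 'proven-absent' or 'unknown'.

    additional:     list of (owner, rrtype) seen in the additional section
    validated_nsec: dict of lower-case owner -> type bitmap bytes, holding
                    only NSEC records whose signature already validated
    """
    qname = qname.lower()
    if any(owner.lower() == qname and rrtype == AAAA
           for owner, rrtype in additional):
        return "present"
    bitmap = validated_nsec.get(qname)
    if bitmap is not None and AAAA not in nsec_types(bitmap):
        return "proven-absent"  # NSEC at the same owner name lists no AAAA
    # No AAAA and no proof: the server may simply not have it right now,
    # so an explicit AAAA query is still required.
    return "unknown"


if __name__ == "__main__":
    print(aaaa_status("www.example.", [], {}))
    print(aaaa_status("www.example.", [], {"www.example.": NO_AAAA}))
```
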