Ben Schwartz <bemasc=40google....@dmarc.ietf.org> wrote:
>
> > > If the server does not complete this procedure (e.g. due to response size
> > > limits), it MUST remove any SOA records from the Additional section.
> > > Recursive resolvers MAY use the presence of an SOA record in the
> > > Additional section to enable negative caching of the follow-up queries,
> > > as in {{?RFC2308}}.
> >
> > I'm not sure I understand this paragraph. Truncation is normally from the
> > end of the additional section backwards, so it is really weird to drop
> > records from the authority section first. SOA (start of authority) records
> > go in the authority section not the additional section
> >
> In this procedure, "all returned records" for follow-up queries are added
> to the Additional section. Therefore, there could be SOA records in the
> Additional section.

I thought the target types were just A, AAAA, SVCB, so where does the SOA
come from?

> > The DNS doesn't allow a client to know that additional data doesn't exist
> > when it is omitted from a response. It sucks, but that's the way it is.
> >
>
> Yes; this proposal would change that in this case. If you think it won't
> work, I'd love to know why.

I can't see anything in the current SVCB draft that would change this.
There's simply no way to put a negative answer in an additional section
(without DNSSEC) - RFC 2308 relies on the context of the message header
and query sections and they don't exist for additional records.

Tony.
-- 
f.anthony.n.finch <d...@dotat.at> http://dotat.at/
protect and enlarge the conditions of liberty and social justice
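
The RFC 2308 dependency discussed in this message, as an added example that is not part of the thread or of any draft: a negative-cache classifier that derives its cache key from the RCODE and question section and its TTL from an SOA in the authority section. The message model, names and TTLs are constructed assumptions, and CNAME handling is simplified away.

```python
from dataclasses import dataclass, field

@dataclass
class RR:
    name: str
    rtype: str
    ttl: int
    soa_minimum: int = 0            # SOA MINIMUM field; unused for other types

@dataclass
class Message:                      # simplified model, not wire format
    rcode: str                      # "NOERROR" or "NXDOMAIN"
    question: tuple                 # (qname, qtype, qclass)
    answer: list = field(default_factory=list)
    authority: list = field(default_factory=list)
    additional: list = field(default_factory=list)

def negative_cache_entry(msg):
    """Return (kind, cache_key, ttl) per RFC 2308, or None if not cacheable."""
    qname, qtype, qclass = msg.question
    # Only an SOA in the authority section counts; additional is never read.
    soa = next((rr for rr in msg.authority if rr.rtype == "SOA"), None)
    if soa is None:
        return None
    ttl = min(soa.ttl, soa.soa_minimum)
    if msg.rcode == "NXDOMAIN":
        return ("NXDOMAIN", (qname, qclass), ttl)
    # Simplification: any non-empty answer section is treated as positive
    # (a real resolver must also follow CNAME chains here).
    if msg.rcode == "NOERROR" and not msg.answer:
        return ("NODATA", (qname, qtype, qclass), ttl)
    return None

# Constructed sample data (names and TTLs are made up for illustration).
SOA_NET = RR("example.net.", "SOA", 3600, soa_minimum=300)

NODATA_REPLY = Message("NOERROR", ("svc.example.net.", "SVCB", "IN"),
                       authority=[SOA_NET])

# Positive SVCB answer with an SOA from a follow-up lookup copied into the
# additional section: the message has no question or RCODE for that lookup.
SVCB_WITH_EXTRA_SOA = Message(
    "NOERROR", ("svc.example.net.", "SVCB", "IN"),
    answer=[RR("svc.example.net.", "SVCB", 300)],
    additional=[SOA_NET])

if __name__ == "__main__":
    print(negative_cache_entry(NODATA_REPLY))
    print(negative_cache_entry(SVCB_WITH_EXTRA_SOA))
```

The second message yields no negative-cache entry: the only (qname, qtype) the message carries belongs to the SVCB query, which was answered positively.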