Ben Schwartz <bemasc=40google....@dmarc.ietf.org> wrote:
>
> > > If the server does not complete this procedure (e.g. due to response size
> > > limits), it MUST remove any SOA records from the Additional section.
> > > Recursive resolvers MAY use the presence of an SOA record in the Additional
> > > section to enable negative caching of the follow-up queries, as in
> > > {{?RFC2308}}.
> >
> > I'm not sure I understand this paragraph. Truncation is normally from the
> > end of the additional section backwards, so it is really weird to drop
> > records from the authority section first. SOA (start of authority) records
> > go in the authority section, not the additional section.
>
>
> In this procedure, "all returned records" for follow-up queries are added
> to the Additional section.  Therefore, there could be SOA records in the
> Additional section.

I thought the target types were just A, AAAA, SVCB, so where does the SOA
come from?

> > The DNS doesn't allow a client to know that additional data doesn't exist
> > when it is omitted from a response. It sucks, but that's the way it is.
> >
>
> Yes; this proposal would change that in this case.  If you think it won't
> work, I'd love to know why.

I can't see anything in the current SVCB draft that would change this.
There's simply no way to put a negative answer in an additional section
(without DNSSEC) - RFC 2308 relies on the context of the message header
and query sections and they don't exist for additional records.

Tony.
-- 
f.anthony.n.finch  <d...@dotat.at>  http://dotat.at/
protect and enlarge the conditions of liberty and social justice

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
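
Added example (not part of the original message, and not code from any resolver): a simplified model of RFC 2308 negative caching, showing that a negative entry is built from the header RCODE, the question section and an SOA in the authority section, so an SOA carried in the additional section yields nothing. The class names, function name and sample records are constructed for illustration.

```python
from dataclasses import dataclass, field

NOERROR, NXDOMAIN = 0, 3

@dataclass
class RR:
    name: str
    rtype: str
    ttl: int
    soa_minimum: int = 0      # SOA MINIMUM field; unused for other types

@dataclass
class Message:
    rcode: int                # from the message header
    question: tuple           # (qname, qtype) from the question section
    answer: list = field(default_factory=list)
    authority: list = field(default_factory=list)
    additional: list = field(default_factory=list)

def negative_cache_entries(msg):
    """Negative cache entries {(name, type): ttl} a resolver may derive from msg.

    Simplified RFC 2308 model (assumption): CNAME chains are not handled.
    """
    qname, qtype = msg.question
    if msg.answer:            # positive answer: nothing is being denied
        return {}
    # Only an SOA in the authority section counts; msg.additional is never read.
    soa = next((rr for rr in msg.authority if rr.rtype == "SOA"), None)
    if soa is None:
        return {}
    ttl = min(soa.ttl, soa.soa_minimum)
    if msg.rcode == NXDOMAIN:
        return {(qname, "*"): ttl}      # the whole name does not exist
    if msg.rcode == NOERROR:
        return {(qname, qtype): ttl}    # NODATA for this one type
    return {}

# Constructed sample messages (not captured traffic).
SAMPLE_SOA = RR("example.net.", "SOA", 3600, 300)
FOLLOW_UP = Message(NOERROR, ("svc.example.net.", "AAAA"), authority=[SAMPLE_SOA])
NAME_ERROR = Message(NXDOMAIN, ("gone.example.net.", "A"), authority=[SAMPLE_SOA])
WITH_ADDITIONAL = Message(
    NOERROR, ("example.com.", "SVCB"),
    answer=[RR("example.com.", "SVCB", 300)],
    additional=[RR("svc.example.net.", "A", 300), SAMPLE_SOA],
)

if __name__ == "__main__":
    for m in (FOLLOW_UP, NAME_ERROR, WITH_ADDITIONAL):
        print(m.question, negative_cache_entries(m))
```

In the third message the SOA cannot say whether `svc.example.net.` lacks AAAA, lacks SVCB, or does not exist at all, because no RCODE or question is attached to it.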