On 10/05/2022 21.55, Murray Kucherawy via Datatracker wrote:
Regarding the SHOULD in Section 3.2, what other action might a resolver legitimately return, and why?
Extended errors (RFC8914) generally aren't "mandatory", so they may return none. In practice I also see quite some leeway in which EDE(s) to return, because there are more complex cases than matching a single one and implementing everything precisely might be very difficult. (For example, one error got encountered and then the resolver retried against with a different RRSIG record or asked a different server and got a different error or none.)
Same question for the SHOULD in Section 4.
Here it's a tradeoff, and not all operators/vendors will have exactly the same view. Some are very sensitive about producing "unnecessary" resolution errors (SERVFAILs in this case) and are willing to pay by (possibly) doing more CPU work, etc.
--Vladimir | knot-resolver.cz _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
