Hello Robert,

On Tue, 2021-11-30 at 11:51 -0500, Robert Edmonds wrote:
> If the goal is to avoid mandating extra code paths in typical
> authoritative servers

To me, this indeed is the goal.

> , I would suggest something like the following
> which narrowly answers only the questions asked in 6761 ("Are developers
> of authoritative domain name servers expected to make their
> implementations recognize these names as special and treat them
> differently? If so, how?"):
>
> Original Text
> -------------
> 5. Authoritative DNS Servers: Authoritative servers MUST respond to
> queries for .onion with NXDOMAIN.
>
> Corrected Text
> --------------
> 5. Authoritative DNS Servers: Authoritative servers SHOULD NOT
> recognize .onion names as special and MUST NOT treat queries for
> .onion names differently from other queries.

I like this.

> Splitting the "recognize ... treat" conjunction between "SHOULD NOT"
> and "MUST NOT" would, for instance, allow an authoritative server to
> log a warning message if an operator intentionally configured an
> "onion." zone in the server.
>
> A slight expansion of the text might read:
>
> Corrected Text
> --------------
> 5. Authoritative DNS Servers: Authoritative servers SHOULD NOT
> recognize .onion names as special and MUST NOT treat queries for
> .onion names differently from other queries. By default,
> authoritative servers MUST NOT respond authoritatively to
> queries for .onion names.

I like this even more.

> The "By default" qualifier covers the case of a non-default
> configuration (such as being configured to serve the root zone) where an
> authoritative server would need to respond authoritatively for .onion
> names.

Perfect.

Kind regards,
-- 
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop