Hi,

On Jul 29, 2022, at 12:53 AM, Petr Špaček <pspa...@isc.org> wrote:
> By any chance, do you remember in what iteration the DO=1 in query was 
> introduced?

Mid- to late 2000/early 2001, after the 2nd iteration (using Ed’s terminology), 
but before the third.

> I wonder what sort of disruption was anticipated/feared.

IIRC, there were some resolvers that reacted poorly to receiving unanticipated 
RRs in response to a “normal” query and there were some concerns about the 
amount of bandwidth signed authoritative servers would consume with useless 
information, particularly at the earliest stages of deployment (this was the 
early 2000s after all). The idea was for a resolver to signal its willingness 
to receive and process DNSSEC-related responses so as to avoid flooding 
DNSSEC-unaware resolvers with stuff they had no clue about.

> In hindsight it seems that DO=1 requirement for "new" behavior (like, say, 
> adding RRSIG to delegations sent from the parent zone) could be enough.

At some point, biting the bullet and introducing actual feature negotiation 
into DNS may be warranted...

Regards,
-drc


_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop