Florian Obser wrote on 2023-03-01 22:42:
> I might not be caffeinated enough yet, but I think the next domain name
> in section 5 should be \000.ent1.example.net:
>
>    ent1.example.net. 3600 IN NSEC \000.ent1.example.net. RRSIG NSEC ENT
>
> In section 6, calling getaddrinfo() return values exit codes is a bit
> odd, maybe this will do?
>
>    Address lookup functions typically invoked by applications won't see
>    a practical impact from this indistinguishability. For a
>    non-existent name, the getaddrinfo() function for example will return a
>    value of EAI_NODATA rather than EAI_NONAME. But either way the
>    effect on the caller is the same: it will obtain a response with a
>    non-zero return value and no available addresses.

that's just not true, no matter how it's worded.
if i get NODATA i might try other record types (for example, AAAA after
A, A after AAAA, or both AAAA and A after MX).
if i get NXDOMAIN, i won't.
there's also a huge impact on operational security.
indistinguishability would be a huge problem.
please outlaw it.
--
P Vixie
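
Added example, not part of the original message and not code from either poster: a small Python model of the client behaviour described in the reply above (stop on NXDOMAIN, try other record types on NODATA), run against a server that does and does not distinguish the two. The zone contents and the names `query` and `find_mail_hosts` are hypothetical and constructed for illustration.

```python
# Constructed zone: owner name -> {record type: [rdata]}. Not real data.
ZONE = {
    "example.net": {"MX": ["10 mail.example.net."]},
    "mail.example.net": {"A": ["192.0.2.25"]},
    "www.example.net": {"A": ["192.0.2.80"], "AAAA": ["2001:db8::80"]},
}


def query(name, rtype, indistinguishable, log):
    """Return (rcode, answers) and record the query in log.

    indistinguishable=True models a server that answers NOERROR with an
    empty answer section (NODATA) even when the name does not exist.
    """
    log.append((name, rtype))
    rrsets = ZONE.get(name)
    if rrsets is None:
        return ("NOERROR", []) if indistinguishable else ("NXDOMAIN", [])
    return ("NOERROR", rrsets.get(rtype, []))


def find_mail_hosts(domain, indistinguishable=False):
    """Hypothetical client: ask for MX, fall back to AAAA and A on NODATA."""
    log = []
    for rtype in ("MX", "AAAA", "A"):
        rcode, answers = query(domain, rtype, indistinguishable, log)
        if rcode == "NXDOMAIN":
            return "nonexistent", [], log  # name does not exist: stop asking
        if answers:
            return "found", answers, log
    return "nodata", [], log  # every record type came back empty


if __name__ == "__main__":
    for mode in (False, True):
        status, _, log = find_mail_hosts("nosuch.example.net", mode)
        print(f"indistinguishable={mode}: {status}, {len(log)} queries sent")
```

With NXDOMAIN available the client stops after one query and knows the name is absent; without it the client sends all three queries and can only conclude that no data was found.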