On Sat, Apr 15, 2023 at 11:20:13AM +1000, Mark Andrews wrote: > At this stage I think the only way to force this is to drop negative > responses without SOA records present. To have the lookups fail and > that requires buy in by the large recursive server operators. > > Similarly add an unknown EDNS option (pick a value between 1000 and 1999) > to every QUERY until 1 Jan 2025 and if it comes back FORMERR with an OPT > record present, drop the response. 10 years after cleaning up the EDNS > specification we still have .5% of servers not updated. BIND is effectively > doing this with DNS COOKIE but it is painful when people say “but the lookup > works with large recursive server”.
+1000 for this one! Fred _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
