Re: [DNSOP] Fwd: New Version Notification for draft-jabley-dnsop-refuse-any-00.txt

2015-09-30 Thread Evan Hunt

On Wed, Sep 30, 2015 at 04:20:25PM -0700, Ólafur Guðmundsson wrote:
> FYI,
> this is latest incarnation of how to give out minimal answer to ANY
> query without breaking anything and being friendly to resolvers.
> Olafur

This was discussed at some length back around the Toronto IETF
and I made a suggestion that seemed to garner fairly wide support,
i.e., selecting a single RRset from the ANY response and returning
only that.  See:

  https://www.ietf.org/mail-archive/web/dnsop/current/msg13945.html

...and its followups. Is there a reason you decided not to go in
that direction?  (I'd be happy to contribute text if you like.)

The new proposal to return an empty HINFO record has the advantage of
a smaller response, but will be inconvenient for DNSSEC-signed zones,
unless the server has access to the signing key and can generate a
covering RRSIG. This should be mentioned in security considerations.

The pick-one-RRset mechanism doesn't have this problem, because
the covering RRSIG will already exist for whichever RRset is
returned.

--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.

___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
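
The DNSSEC trade-off raised in the message above, as an added example that is not part of the original thread or of the draft: a toy model of an authoritative server answering QTYPE=ANY either by picking one existing RRset or by synthesizing an empty HINFO. The zone data, the string stand-ins for RRSIGs, the type preference order and all function names are constructed assumptions.

```python
# Constructed signed zone for one owner name:
# type -> (rdata list, RRSIG produced when the zone was signed offline)
ZONE = {
    "example.com.": {
        "A":   (["192.0.2.1"], "RRSIG(A)"),
        "MX":  (["10 mail.example.com."], "RRSIG(MX)"),
        "TXT": (["v=spf1 -all"], "RRSIG(TXT)"),
    }
}

def _rr(name, rtype, rdata, rrsig):
    return {"name": name, "type": rtype, "rdata": rdata, "rrsig": rrsig}

def answer_full_any(name):
    """Classic ANY behaviour: every RRset at the name, each with its stored RRSIG."""
    return [_rr(name, t, rd, sig) for t, (rd, sig) in sorted(ZONE[name].items())]

def answer_pick_one(name, prefer=("A", "AAAA", "MX")):
    """Pick-one-RRset: return a single existing RRset and the RRSIG stored with it."""
    rrsets = ZONE[name]
    rtype = next((t for t in prefer if t in rrsets), sorted(rrsets)[0])
    rdata, rrsig = rrsets[rtype]
    return [_rr(name, rtype, rdata, rrsig)]

def answer_hinfo(name, signing_key=None):
    """Synthesized empty HINFO: no stored RRSIG exists for it, so a covering
    signature can only be produced if the server holds the signing key."""
    rdata = ['"" ""']
    rrsig = f"RRSIG(HINFO) by {signing_key}" if signing_key else None
    return [_rr(name, "HINFO", rdata, rrsig)]

def unsigned_types(answer):
    """RRset types in the answer that a validating resolver could not verify."""
    return [rr["type"] for rr in answer if rr["rrsig"] is None]

def record_count(answer):
    """Records in the answer section: each rdata item plus each RRSIG."""
    return sum(len(rr["rdata"]) + (rr["rrsig"] is not None) for rr in answer)

if __name__ == "__main__":
    name = "example.com."
    for label, ans in [("full ANY", answer_full_any(name)),
                       ("pick-one", answer_pick_one(name)),
                       ("HINFO, no key", answer_hinfo(name)),
                       ("HINFO, online key", answer_hinfo(name, "zsk-placeholder"))]:
        print(f"{label:18} records={record_count(ans)} unsigned={unsigned_types(ans)}")
```
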


[DNSOP] Fwd: New Version Notification for draft-jabley-dnsop-refuse-any-00.txt

2015-09-30 Thread Ólafur Guðmundsson
FYI,
this is latest incarnation of how to give out minimal answer to ANY
query without breaking anything and being friendly to resolvers.
Comments,

Olafur

-- Forwarded message --
From: 
Date: Wed, Sep 30, 2015 at 12:04 PM
Subject: New Version Notification for draft-jabley-dnsop-refuse-any-00.txt

A new version of I-D, draft-jabley-dnsop-refuse-any-00.txt
has been successfully submitted by Joe Abley and posted to the
IETF repository.

Name:           draft-jabley-dnsop-refuse-any
Revision:       00
Title:          Providing Minimal-Sized Responses to DNS Queries with QTYPE=ANY
Document date:  2015-09-30
Group:          Individual Submission
Pages:          16
URL:            https://www.ietf.org/internet-drafts/draft-jabley-dnsop-refuse-any-00.txt
Status:         https://datatracker.ietf.org/doc/draft-jabley-dnsop-refuse-any/
Htmlized:       https://tools.ietf.org/html/draft-jabley-dnsop-refuse-any-00


Abstract:
   The Domain Name System (DNS) specifies a query type (QTYPE) "ANY".
   The operator of an authoritative DNS server might choose not to
   respond to such queries for reasons of local policy, motivated by
   security, performance or other reasons.

   The DNS specification does not include specific guidance for the
   behaviour of DNS servers or clients in this situation.  This document
   aims to provide such guidance.




Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat