On Sat, Mar 14, 2015 at 09:10:03PM +0100, Florian Weimer wrote:
> We'd have to be reasonably sure that no resolver treats it as a
> meta-type and turns the upstream response into a FORMERR upon seeing
> it in the answer section. “NULLs are used as placeholders in some
> experimental extensions of
* Tim Wicinski:
> This starts a Call for Adoption for draft-ogud-dnsop-acl-metaqueries
>
> The draft is available here:
> https://datatracker.ietf.org/doc/draft-ogud-dnsop-acl-metaqueries/
No real comments on adoptions below, just some technical issues.
Is there a definition now what constitut
* Tony Finch:
>> Evan Hunt wrote:
>> >
>> > This could be a pretty brilliant solution, actually: If you're
>> > authoritative for a signed zone and you receive a query of type ANY,
>> > return the applicable NSEC/NSEC3; if the zone is *not* signed, synthesize
>> > a response containing a single R
* Evan Hunt:
> (It doesn't address qmail's problem, but that's a lost cause no
> matter which method is chosen.)
I think it does. qmail already copes correctly with a partially
cached ANY response (due to TTL mismatch between RRset), does it?
The new behavior just looks like a partially cached r
* Evan Hunt:
> On Thu, Mar 12, 2015 at 11:38:04PM +, Darcy Kevin (FCA) wrote:
>> So you're thinking it's more likely that we'll get folks to understand
>> this new type, that's designed to frustrate QTYPE=* queries in a
>> more-or-less graceful way, than it is to convince them to stop making
>
> On Mar 13, 2015, at 7:59 PM, Paul Vixie wrote:
> > Nicholas Weaver Saturday, March 14, 2015 5:07 AM
>>
>>> ...
>>>
>>> Overall, unless you are validating on the end host rather than the
>>> recursive resolver, DNSSEC does a lot of harm from misconfiguration-DOS,
>>> but almost no good.