On Aug 8, 2023, at 11:27 AM, Florian Obser <florian+i...@narrans.de> wrote:
>
> This introduced at least a nit

Yipes, very good points.

>
> For example, consider an authoritative server named ns0.example.com
> that is served by two installations (with two A records), one at
> 192.0.2.7 that follows this guidance, and one at 2001:db8::8 that is
> a legacy (cleartext port 53-only) deployment.
>
> It doesn't have two A records. It has an A and AAAA record.

Errr, yup!

> I know
> that Éric asked for a non-legacy IP example,

...and he's our AD...

> but I don't think this makes
> things better. I find it very confusing, usually the server would be
> dual stacked so why would it do different things depending on the
> address family? Maybe just go v6 only, thusly?
>
> For example, consider an authoritative server named ns0.example.com
> that is served by two installations (with two AAAA records), one at
> 2001:db8::7 that follows this guidance, and one at 2001:db8::8 that is
> a legacy (cleartext port 53-only) deployment. A recursive client who
> associates state with the NS name and reaches 2001:db8::7 first will

Is it that uncommon for a name server to have one A record and one AAAA record? I'd rather not go all-IPv6 because some readers might think that the discussion is for v6-only systems. If possible, I'd rather just say "(with one A record and one AAAA record)".

--Paul Hoffman

_______________________________________________
dns-privacy mailing list
dns-privacy@ietf.org
https://www.ietf.org/mailman/listinfo/dns-privacy