> Paul's original proposal, IIIIC (if I interpret it correctly) applies to
> resolver<->authority-server communications, not stub<->resolver
> communications.

no, i was pretty much ruling them out period. especially (RA=1 AND RD=0). however, i could accept a SHOULD NOT for ADNS vs. a SHOULD for RDNS on TCP/53 as long as we also add a SHOULD on RDNS for "accept only transactions from intended clients, most likely from within the same LAN, campus, or ISP." "SHOULD" is great since people who don't do it are still compliant. opendns wouldn't be in trouble. but vendors would become advised to set their defaults to a non-global ACL and then TCP/53 is "safer."

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop