On 20 Aug 2014, at 17:48, Mark Andrews <ma...@isc.org> wrote: > You will give answers that validate as bogus in the stub resolver.
This seems to be the crux of our differing world views. > A validating stub resolver Validating stub resolvers? In my own personal taxonomy a stub resolver doesn't validate. Validation signalling is available from a validating resolver (e.g. using the AD bit, of which I am not a fan), and that resolver (validating or not) is where I was suggesting the locally-relevant data would be served. (Note that I'm not saying that my own personal taxonomy is of any use to anybody apart from me; I'm just putting it out there by way of explanation of the current forehead wrinkles. I continue to think it would be good to have a common understanding of these overloaded terms.) Anyway, I'm not arguing against the idea of making certain delegations verifiably insecure. I think any of us could write up an I-D with an IANA Considerations section that specified the correct behaviour, if we want to do this properly with a documentation trail. (Maybe the nice IANA DNS Operations people could be convinced to make the change anyway without or in advance of documentation, but I tend to think that documentation is good in general.) Joe _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
