On Tue, Mar 10, 2015 at 08:13:04PM -0700, Brian Dickson wrote:
>
> Okay, thinking about this a bit more...
> Recursive vs authoritative, RD=0 vs RD=1.
>
> In all combinations of the above, do the "new thing", except for one corner
> case:
> if(RD==1 && I_AM_AUTHORITY) then
>     do_ANY
>
> (Which happens to be the default if someone uses "dig" against an auth
> server).

Which means that authoritative servers who were _already_ seeing abuse with RD=1 and ANY would be told they have to reply to them; but some operators of authoritative servers have been dropping those on the floor for some time on the principle that you shouldn't be asking an authoritative server with the RD bit set.

Either ANY is something we think needs support or it is not. If we think it's really not something that needs support, then we should say so and be done with it.

In any case, I don't like all this conditional logic around ANY. It seems to me likely to make code bases brittle and hard to change, new implementations to be hard to get right, and to make operations troubleshooting much harder because you have to cover more cases.

Best regards,

A

--
Andrew Sullivan
a...@anvilwalrusden.com

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop