According to their own statement, Cloudflare perceived the "problem" to be the 
code-complexity of their DNS implementation -- in particular, they 
characterized the complexity of their (former) QTYPE=*-handling code as 
"enormous". Their "fix" was to feign ignorance (RCODE=NOTIMP) of QTYPE=* and 
thus -- as I and others interpret it -- fall out of compliance with any 
reasonable reading of RFC 1034/1035.

IANAL, but I think this might have legal ramifications. If they are 
advertising/selling "DNS" services and what they are delivering is not "DNS", 
then Truth in Advertising and/or Bait-and-Switch statutes, regulations and/or 
treaty provisions may apply. They could avoid this fate, of course, by 
rebranding their name-resolution service as something other than "DNS" 
(Cloudnameserviceflare?), even though coincidentally it runs on port 53 and in 
all respects other than QTYPE=* responses looks and quacks a lot like "DNS".

Of course, IETF is not the FTC, nor is it the WTO. What can we do? There seems 
to be a diversity of opinion on this:

The standards-purists want to render an opinion that Cloudflare's 
implementation has forsaken standards-compliance, and let those chips fall 
where they may, legally or otherwise.

The accommodationists want to come up with a "smarter" or "cleverer" way for 
Cloudflare (and undoubtedly others to follow) to frustrate QTYPE=* queries in a 
way that causes as little wreckage as possible. Not sure how they hope to 
achieve that, if anything beyond "return(DNS_RCODE_NOTIMP)" qualifies as 
"enormous" code-complexity to the Cloudflare folks...

Cloudflare justifies their action, in part, by making the questionable claim 
"The original reason for adding the ANY to DNS was to aid in debugging and 
testing". Whatever other action may or may not be taken by the IETF, since only 
IETF has the institutional memory to definitively confirm or deny this claim, I 
think it is worthy of a response.

                                                                                
- Kevin

-----Original Message-----
From: DNSOP [mailto:dnsop-boun...@ietf.org] On Behalf Of Randy Bush
Sent: Friday, March 13, 2015 6:28 AM
To: Michael Graff
Cc: dnsop@ietf.org; D. J. Bernstein; dns-operati...@dns-oarc.net
Subject: Re: [DNSOP] [dns-operations] dnsop-any-notimp violates the DNS standards

> What problem are we specifically trying to solve here again?

not break things that are working

randy

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
