Ted Lemon wrote:
> On Mar 26, 2015, at 1:26 AM, Paul Vixie <p...@redbarn.org> wrote:
>> you make an excellent point. so, the spec might ask for repeatability, but
>> not specify how that's to be achieved. it's still an information leak since
>> the preferred type may have timed out of the cache, in which case an rdns
>> would have to return the next thing on its priority list. (refetching should
>> NOT be done!)
>
> I don't think you need a priority list--any deterministic mechanism will do.
> I'd suggest using the numerical RRtype code, and choosing the highest
> number. This will not always return the smallest RR, but it has the virtue
> of preferring AAAA to A, but quite possibly sending neither (which I think is
> even better).
priority list is an example of determinative. so is sorting by numeric rr type value. but in either case, as those rrsets expire, others will be exposed -- an information leak. or if a certain type is preferred, then when that rrset expires, re-fetching will occur -- another information leak.

what we should say in the spec is "determinative, and non-information-leaking", and let implementers scratch their heads about how to do that. we should not try to invent it here, or specify it in an ietf document.

-- 
Paul Vixie

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
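An added illustration of the leak being argued about above (example code written for this page, not from the thread or any resolver): a toy cache with constructed TTLs, the two deterministic choosers discussed (highest numeric RRTYPE, and a fixed priority list), and a check showing that a repeat querier can tell when an RRset expired from the cache simply by watching the answer change. The RRTYPE codes are the real IANA values; the cache contents, TTLs and query times are constructed.

```python
"""Simulate how a deterministic choice of which cached RRset to return for an
ANY query changes as RRsets expire, i.e. the information leak discussed above.
Constructed scenario; not a real resolver."""
from dataclasses import dataclass

# IANA RRTYPE codes for the types used here.
A, MX, TXT, AAAA = 1, 15, 16, 28


@dataclass(frozen=True)
class CachedRRset:
    rrtype: int
    expires_at: int  # absolute time (seconds) after which the RRset is gone


def live_rrsets(cache, now):
    """RRsets still in the cache at time `now` (no refetching is done)."""
    return [r for r in cache if r.expires_at > now]


def choose_highest_type(cache, now):
    """The 'highest numerical RRtype code' rule from the thread."""
    return max((r.rrtype for r in live_rrsets(cache, now)), default=None)


def choose_by_priority(cache, now, priority=(A, AAAA, MX, TXT)):
    """The 'priority list' rule: first cached type in a fixed order (order is constructed)."""
    live = {r.rrtype for r in live_rrsets(cache, now)}
    return next((t for t in priority if t in live), None)


def observe(chooser, cache, times):
    """What a repeat querier sees over time for a single name."""
    return [chooser(cache, t) for t in times]


def leaked_transitions(observations, times):
    """Intervals in which the answer changed: each one tells the querier that
    an RRset left the cache in that interval, which is the leak of cache state."""
    return [(times[i - 1], times[i]) for i in range(1, len(observations))
            if observations[i] != observations[i - 1]]


# Constructed cache contents for one name, populated at t=0 with these TTLs.
CACHE = [CachedRRset(AAAA, 60), CachedRRset(A, 300),
         CachedRRset(MX, 3600), CachedRRset(TXT, 120)]
TIMES = [0, 100, 200, 400]

if __name__ == "__main__":
    for name, chooser in (("highest-type", choose_highest_type),
                          ("priority", choose_by_priority)):
        obs = observe(chooser, CACHE, TIMES)
        print(name, obs, leaked_transitions(obs, TIMES))
```

Both rules are deterministic, yet each produces a different answer sequence as RRsets time out, and every transition reveals an expiry to the querier; once everything has expired both return `None` rather than refetching.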