On Wed, Sep 30, 2015 at 04:20:25PM -0700, Ólafur Guðmundsson wrote:
> FYI,
> this is latest incarnation of how to give out minimal answer to ANY
> query without breaking anything and being friendly to resolvers.
> Olafur

This was discussed at some length back around the Toronto IETF and I made a suggestion that seemed to garner fairly wide support, i.e., selecting a single RRset from the ANY response and returning only that. See:

https://www.ietf.org/mail-archive/web/dnsop/current/msg13945.html

...and its followups. Is there a reason you decided not to go in that direction? (I'd be happy to contribute text if you like.)

The new proposal to return an empty HINFO record has the advantage of a smaller response, but will be inconvenient for DNSSEC-signed zones, unless the server has access to the signing key and can generate a covering RRSIG. This should be mentioned in security considerations.

The pick-one-RRset mechanism doesn't have this problem, because the covering RRSIG will already exist for whichever RRset is returned.

--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
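
Added example, not part of the original message and not code from any DNS server: a toy model of the two minimal-ANY strategies compared above, showing which answers reach a validating resolver with a covering RRSIG. The zone data, the function names, the `online_signer` callback and the "first type in sorted order" selection rule are all assumptions made for illustration.

```python
# Constructed sample zone: each RRset is stored with the RRSIG that was
# generated when the zone was signed offline (signature bytes are placeholders).
ZONE = {
    "example.com.": {
        "A":   {"rdata": ["192.0.2.1"], "sig": "<placeholder-sig-A>"},
        "MX":  {"rdata": ["10 mail.example.com."], "sig": "<placeholder-sig-MX>"},
        "TXT": {"rdata": ['"v=spf1 -all"'], "sig": "<placeholder-sig-TXT>"},
    }
}

def answer_any_pick_one(zone, qname, dnssec_ok):
    """Answer ANY with one existing RRset plus its pre-computed RRSIG."""
    rrsets = zone[qname]
    rrtype = sorted(rrsets)[0]  # assumption: any deterministic choice works
    answer = [(qname, rrtype, rd) for rd in rrsets[rrtype]["rdata"]]
    if dnssec_ok:
        # No signing key needed: the signature was stored with the RRset.
        answer.append((qname, "RRSIG",
                       {"covers": rrtype, "sig": rrsets[rrtype]["sig"]}))
    return answer

def answer_any_hinfo(qname, dnssec_ok, online_signer=None):
    """Answer ANY with a synthesized empty HINFO record.

    The record is not in the signed zone, so an RRSIG exists only if the
    server holds the key and signs on the fly (online_signer, hypothetical).
    """
    answer = [(qname, "HINFO", '"" ""')]
    if dnssec_ok and online_signer is not None:
        answer.append((qname, "RRSIG",
                       {"covers": "HINFO", "sig": online_signer(qname, "HINFO")}))
    return answer

def fully_covered(answer):
    """True if every data RRset in the answer has an RRSIG covering its type."""
    data_types = {t for _, t, _ in answer if t != "RRSIG"}
    sig_types = {rd["covers"] for _, t, rd in answer if t == "RRSIG"}
    return data_types <= sig_types

if __name__ == "__main__":
    q = "example.com."
    print("pick-one:          ", fully_covered(answer_any_pick_one(ZONE, q, True)))
    print("HINFO, no key:     ", fully_covered(answer_any_hinfo(q, True)))
    print("HINFO, online key: ",
          fully_covered(answer_any_hinfo(q, True, lambda n, t: "<online-sig>")))
```
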