On Sun, Oct 4, 2015 at 7:32 AM, Dave Lawrence <t...@dd.org> wrote:

> A couple of quick observations:
>
> * The draft says that the answer in a signed zone MAY be unsigned.
>   Since this will ultimately cause a SERVFAIL for validating
>   resolvers, it is not really acceptable.
>

You and Evan are right; we will update the document to reflect this, as returning unsigned answers is only accepted by non-validating resolvers, and figuring out if a resolver is validating requires tracking resolver behavior, thus it is simpler and cheaper to sign. Servers with off-line signed zones have more to gain from this functionality.

> * The draft does not describe at all what the proper behaviour is for
>   an owner name that has a CNAME record. Since CNAMEs require special
>   handling, this should be addressed. Personally I think the CNAME
>   should be returned in this case.
>

Good point, we will address it.

Olafur

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop