In message <5373ddab-1ed2-489b-ab62-ba7cf6d3d...@frobbit.se>, "Patrik =?utf-8?b ?RsOkbHRzdHLDtm0=?=" writes: > On 10 Nov 2015, at 22:24, Jim Reid wrote: > > >> Or perhaps we should not. > > > > +1 > > This discussion on making tests is coming back now and then. In RIPE, in > IETF, in discussions around TLDs (specifically ccTLDs). > > I have run one such initiative myself. > > Everything has so far collapsed into collision between tech people not > agreeing on what is right and wrong. It also collapses into clashes > between registry policy and the tests made. I.e. just the registration > policy is setting blocks and constraints on what tests must be made (or > can not be made). And harmonization of such rules is just impossible (we > have seen). > > That said, initiatives like the one I did run did push errors (for some > definition of errors) from 22% to maybe 17% in .SE and my inspection of > the rest say that getting errors down to 15% is possible, but more is > very hard. > > And, having a BCP or such that give suggestions on what can be viewed as > "correct" would not be bad, but how to use it must be up to the reader. > > I think the IETF should be careful on writing too prescriptive text, I > say being one hit by "rfc compliance" people that point at old whois > related RFCs that "require" things that in fact is illegal in Sweden. > I.e. by being compliant to Swedish law regarding privacy, I violate a > very old RFC and because of that I am black listed. > > So be careful.
Which is why draft-andrews-dns-no-response-issue-13 focuses on nameserver and firewall behaviour and not data content. I haven't had anyone say that any of the tests listed there are wrong. Fixing this class of error is almost always upgrade the software to something that is actually rfc compliant. The only thing which is tends to be user configurable is turn on/off DNS checks in the firewall and in reality the firewall vendor shouldn't have been blocking on what they were blocking in the first place. Mark > Patrik -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
