>> NEW >> For instance, some authoritative name servers embedded in load >> balancers reply properly to A queries but send REFUSED to NS queries. >> This behaviour violates the DNS protocol (see Section ??? of [RFC??], >> and improvements to the DNS are impeded if we accept such behaviour >> as normal. >> END > >Does anyone has an idea of the reference to use to replace the "???" > >For me, such a behavior is so obviously wrong that I cannot think of a >precise chapter-and-verse to quote...
I don't see why it's not valid behavior. REFUSED means "The name server refuses to perform the specified operation for policy reasons." If my policy is not to tell you about NS records, that's my policy. It may be a stupid policy that causes downstream problems, but it's my right to be stupid. R's, John _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
