On Monday, December 28, 2015 04:40:20 AM John Levine wrote:
> >> NEW
> >>
> >> For instance, some authoritative name servers embedded in load
> >> balancers reply properly to A queries but send REFUSED to NS queries.
> >> This behaviour violates the DNS protocol (see Section ??? of [RFC??],
> >> and improvements to the DNS are impeded if we accept such behaviour
> >> as normal.
> >>
> >> END
> >
> >Does anyone has an idea of the reference to use to replace the "???"

i think "violates" is the wrong verb above, and that there is no "???" referent that can make it right.

> Given that it doesn't seem to be a protocol violation, I'd suggest this:
>
> For instance, some authoritative name servers embedded in load
> balancers reply properly to A queries but send REFUSED to NS queries.

i'm ok with that part, but not this part:

> This behavior causes a variety of problems, such as invalid negative
> answers, that are so severe that it is unreasonable to expect clients
> to interoperate with them reliably and so there is no point in trying to
> work around them.

"For interoperability reasons, many DNS initiators treat REFUSED as a synonym for SERVFAIL. All senders of the REFUSED signal should keep this in mind."

--
P Vixie
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop