Ray, At 2016-04-13 12:06:25 +0100 Ray Bellis <r...@bellis.me.uk> wrote:
> On 13/04/2016 12:01, Shane Kerr wrote:
>
> > A third answer which falls outside of any of the current proposals is
> > that there should be a way to document what the capabilities of an
> > authority server are explicitly. If only there was a way to store
> > meta-data about hosts in some sort of distributed database... ;)
>
> If only NAT and load-balancers didn't break the assumption that a single
> IP address refers to a unique host with consistent behaviour... :p
>
> [I'm aware of at least one major DNS operator that runs heterogeneous DNS
> clusters behind a single IP]

Sure, it's quite common.

This could cause problems as people upgrade software in their cluster where some of the servers support the multiple QTYPE option and others do not. Probably a sentence in the specification should warn about that, and release notes from implementors should warn operators about this case. Something like:

"If a single IP address sometimes answers without support for the option, then this option should be disabled for all servers answering from that IP address. Implementors SHOULD have a way to disable the option, to support this case."

Since nobody is perfect, on the resolver side one would need to detect the single-IP-mixed-capabilities case and downgrade the capabilities tracked for the authority server. This implies that authority servers MUST include some sort of option to indicate support for multiple QTYPE in every reply, even if there is a single QTYPE.

(Note that this is orthogonal to how the resolver learns about the support, whether it infers it from EDNS signaling or gets it from an RR or whatever.)

Cheers,

--
Shane
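The resolver-side behaviour Shane sketches above (track per-address support, downgrade when a reply from that address lacks the option, and require the option in every reply so the downgrade can be detected) as a small simulation. This is an added example, not code from the thread or from any DNS implementation; the option name "multi-QTYPE", the `Reply` structure, the QTYPE strings and the 192.0.2.0/24 address are assumptions made for illustration.

```python
"""Resolver-side capability tracking for a hypothetical multi-QTYPE option.

Added example, not code from the mailing-list thread or any DNS software.
The option, the Reply shape and the addresses (RFC 5737 documentation
range) are constructed for illustration.
"""
from dataclasses import dataclass, field
from enum import Enum


class Support(Enum):
    UNKNOWN = "unknown"          # nothing seen yet from this address
    SUPPORTED = "supported"      # every reply so far carried the option
    UNSUPPORTED = "unsupported"  # at least one reply lacked it: do not send multi-QTYPE


@dataclass(frozen=True)
class Reply:
    server_ip: str
    option_present: bool     # the authority included the multi-QTYPE option
    qtypes_answered: tuple   # QTYPEs the answer actually covered


@dataclass
class AddressState:
    support: Support = Support.UNKNOWN
    with_option: int = 0
    without_option: int = 0

    @property
    def mixed(self) -> bool:
        """True once the same IP has answered both with and without the option,
        i.e. a heterogeneous cluster (or NAT/load balancer) sits behind it."""
        return self.with_option > 0 and self.without_option > 0


@dataclass
class CapabilityTracker:
    """Per-address state, keyed by the IP a reply came from (not by hostname)."""
    state: dict = field(default_factory=dict)

    def observe(self, reply: Reply) -> Support:
        st = self.state.setdefault(reply.server_ip, AddressState())
        if reply.option_present:
            st.with_option += 1
            if st.support is Support.UNKNOWN:
                st.support = Support.SUPPORTED
            # UNSUPPORTED is sticky: one good reply does not prove that every
            # server behind the address supports the option.
        else:
            # Only works because the option is expected in *every* reply from a
            # supporting server, even for single-QTYPE answers.
            st.without_option += 1
            st.support = Support.UNSUPPORTED
        return st.support

    def may_send_multi_qtype(self, ip: str) -> bool:
        return self.state.get(ip, AddressState()).support is Support.SUPPORTED


def plan_queries(tracker: CapabilityTracker, ip: str, qtypes: tuple) -> list:
    """One multi-QTYPE query if the address is known to support it, else one per type."""
    if tracker.may_send_multi_qtype(ip):
        return [tuple(qtypes)]
    return [(q,) for q in qtypes]


def handle_reply(tracker: CapabilityTracker, requested: tuple, reply: Reply) -> tuple:
    """Record the reply and return the QTYPEs still unanswered.

    A reply without the option is a classic single-QTYPE answer even if the
    query carried several, so the caller must re-ask the rest one at a time."""
    tracker.observe(reply)
    return tuple(q for q in requested if q not in reply.qtypes_answered)


def demo() -> dict:
    """Constructed scenario: one IP fronting a cluster in mid-upgrade."""
    tracker = CapabilityTracker()
    ip = "192.0.2.53"
    wanted = ("A", "AAAA", "MX")

    first_plan = plan_queries(tracker, ip, wanted)          # unknown: one per type
    tracker.observe(Reply(ip, True, ("A",)))                # an upgraded member answers
    second_plan = plan_queries(tracker, ip, wanted)         # now a single 3-QTYPE query

    # A not-yet-upgraded member behind the same IP answers the first QTYPE only.
    remaining = handle_reply(tracker, wanted, Reply(ip, False, ("A",)))
    third_plan = plan_queries(tracker, ip, remaining)       # downgraded: one per type

    tracker.observe(Reply(ip, True, ("AAAA",)))             # does not re-enable it
    st = tracker.state[ip]
    return {
        "first_plan": first_plan,
        "second_plan": second_plan,
        "remaining_after_downgrade": remaining,
        "third_plan": third_plan,
        "final_support": st.support,
        "mixed_detected": st.mixed,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The `mixed` flag is what an operator-facing log line or metric would key on: a resolver seeing it for an address is observing exactly the half-upgraded-cluster case the warning text above is meant to prevent. The downgrade is kept sticky in this example; a real resolver would more likely age it out with a TTL, which is a policy choice the thread does not settle.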
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop