Mark,

At 2016-04-07 20:48:43 -0300
Mark Andrews <ma...@isc.org> wrote:

> Warren. In both cases receiving a query with either an option or a
> qname encoding ids it is an indication that the IP address or the
> clients behind the IP address have the trust anchor configured.  You
> may receive an option without the recursive server actually validating.
> 
> As far as I can see both options provide the same information.

Actually using a QNAME does provide more information, since it can
reveal validators behind a resolver with different trust anchors.

While the QNAME approach does feel a bit like a hack, I have to admit
that it probably is slightly better. I can't even think of useful
information that having both approaches would add....

(I do think that using human-readable key tags in the QNAME approach
makes sense, as someone suggested in the WG session. Because I am a
human, and don't care about 1 or 2 extra bytes for these relatively rare
queries, but I do care about being able to check logs without
running them through my secret decoder ring...)

Cheers,

--
Shane


_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
