On Wed, 29 Mar 2017, Woodworth, John R wrote:
I am curious why you feel a nameserver unaware of a new record type would ever return it instead of the known type it queried?
No, you're right, you'd only get the BULK if you queried for it, and you'd get NXDOMAIN or more likely NODATA for records that might have been synthesized.
As Evan points out, this leads to chronically inconsistent DNSSEC. Regards, John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY Please consider the environment before reading this e-mail. https://jl.ly _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
