> -----Original Message----- > From: John R Levine [mailto:jo...@taugh.com] > > On Wed, 29 Mar 2017, Woodworth, John R wrote: > > I am curious why you feel a nameserver unaware of a new record > > type would ever return it instead of the known type it queried? > > No, you're right, you'd only get the BULK if you queried for it, > and you'd get NXDOMAIN or more likely NODATA for records that > might have been synthesized. > > As Evan points out, this leads to chronically inconsistent DNSSEC. >
Hi John, Thanks again for your feedback. I was under the impression DNSSEC fixed problems with integrity, not inconsistency. While we too would prefer a more uniform rollout of BULK RR, we also have to face the harsh reality these things will take time. We can definitely make recommendations to lessen the impact for early adopters but if one thing is consistent it's 'lack of consistency'. Thanks, John > > Regards, > John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY > Please consider the environment before reading this e-mail. https://jl.ly > > -- THESE ARE THE DROIDS TO WHOM I REFER: This communication is the property of CenturyLink and may contain confidential or privileged information. Unauthorized use of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please immediately notify the sender by reply e-mail and destroy all copies of the communication and any attachments. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
