Andrew Sullivan wrote:
Hi,
This is quite a helpful response, thanks. I wonder whether more of it
ought to go in discussion (or a new draft), however.
i probably should not be involved in a new draft other than as a
reviewer. (consider the fate of resimprove.)
For I'm struck
by this:
On Sun, Nov 12, 2017 at 06:42:18PM -0800, Paul Vixie wrote:
always be generated using only local data, and either contains the
answer to the question or a referral to other name servers "closer" to
the desired information.
the operative phrase is '"closer" to'. this is repeated in 4.3.1:
If I ask the authoritative server for example.com about a name
label.example.net, in a graph-theoretic sense the NS RRset for the
root zone is clearly closer to label.example.net than anything else I
can give.
dns is not that kind of graph.
if the qname is acetes.pa.dec.com and the query is being processed by
the dec.com authority server who knows that pa.dec.com is a delegation,
then pa.dec.com is closer to acetes.pa.dec.com than the root would be.
The current approaches that people have for this are either NODATA
responses or REFUSED. Only the latter seems obviously consistent
with the text, though I'm aware that there's controversy over using
REFUSED here.
as i wrote during the SOPA wars, REFUSED has been widely used as an
administrative denial, and repurposing it would not be effective at this
late date.
see:
http://www.circleid.com/posts/20120111_refusing_refused_for_sopa_pipa/
--
P Vixie