Matthew Pounsett wrote:
On 13 November 2017 at 06:52, John Kristoff <j...@depaul.edu <mailto:j...@depaul.edu>> wrote: REFUSED does not seem ideal to me either, but what if anything might be better is probably ripe discussion in a new draft. It makes perfect sense to me. REFUSED is an indication that the querier has been blocked from asking that question (or receiving the answer they requested) by configuration, as distinct from a broken configuration preventing them from getting that answer (SERVFAIL).
why is this nor a broken configuration?
... Given that upward referrals have obvious problems (There is no protocol or process to tell a TLD operator "I am not authoritative for that delegation someone else asked you to point at me") it seems to me that REFUSED is the only obvious choice for indicating that an authoritative-only server is not authoritative for anything at or below the QNAME.
i strongly disagree. this is not an administrative denial scenario. see, again:
http://www.circleid.com/posts/20120111_refusing_refused_for_sopa_pipa/ -- P Vixie _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
