On Mon, Nov 13, 2017 at 06:02:11PM -0800, Wes Hardaker wrote:

> Tony Finch <d...@dotat.at> writes:
>
> >> It can be argued that NODATA (pseudo rcode, I know) is an "error" as
> >> well as NXDOMAIN...
> >
> > Or, neither of them are errors :-)
>
> We'll remove the restriction in any wording that says it can only be for
> errors. I think there is clear consensus to do so.

For the record, I'm with Tony: neither NODATA nor NXDomain are DNS lookup errors. Lack of answers may (or may not) lead to application-level errors depending on whether the data sought was functionally essential, but either way the DNS lookup was successful, and returned the status of the requested RRset.

This is, for example, important with opportunistic DANE TLS, where actual lookup errors are potential downgrade attacks, but NODATA and NXDomain are not lookup errors.

And indeed, unlike actual errors, there is nothing one could possibly add in the form of extended "error" diagnostics when returning a NODATA or NXDomain response; these non-error conditions don't require any additional context to aid problem resolution.

--
    Viktor.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
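
The distinction drawn in the message above, as an added example that is not part of the original post: a sketch of how an opportunistic DANE client could classify a TLSA lookup so that NODATA and NXDomain count as successful results while real lookup failures are never treated as "no DANE". The `TlsaLookup` fields, the `Outcome` names, and the assumption that a validating resolver reports bogus data as SERVFAIL and signals validated data with a trusted `secure` flag are all illustrative assumptions.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Outcome(Enum):
    USE_DANE = "authenticate the peer with the TLSA records"
    NO_DANE = "lookup succeeded, no usable TLSA RRset; continue without DANE"
    DEFER = "lookup failed; possible downgrade, do not continue unauthenticated"


@dataclass
class TlsaLookup:                 # hypothetical summary of one resolver reply
    rcode: Optional[str]          # "NOERROR", "NXDOMAIN", "SERVFAIL", ...; None = timeout
    answers: int                  # TLSA records in the answer section
    secure: bool                  # assumed: DNSSEC-validated, incl. denial of existence


def status(lookup: TlsaLookup) -> str:
    """Map a reply to the status of the requested RRset."""
    if lookup.rcode == "NOERROR":
        # NODATA is a pseudo rcode: NOERROR with an empty answer section.
        return "ANSWER" if lookup.answers > 0 else "NODATA"
    if lookup.rcode == "NXDOMAIN":
        return "NXDOMAIN"
    return "ERROR"                # SERVFAIL, REFUSED, timeout, anything else


def dane_decision(lookup: TlsaLookup) -> Outcome:
    st = status(lookup)
    if st == "ERROR":
        # Only genuine lookup failures are downgrade candidates.
        return Outcome.DEFER
    if not lookup.secure:
        # Unsigned zone: the lookup worked, DANE simply does not apply.
        return Outcome.NO_DANE
    if st == "ANSWER":
        return Outcome.USE_DANE
    # Validated NODATA or NXDOMAIN: a successful lookup with a negative result.
    return Outcome.NO_DANE


if __name__ == "__main__":
    # Constructed sample replies, not captured traffic.
    for reply in (TlsaLookup("NXDOMAIN", 0, True), TlsaLookup("NOERROR", 0, True),
                  TlsaLookup("NOERROR", 2, True), TlsaLookup("SERVFAIL", 0, False),
                  TlsaLookup(None, 0, False)):
        print(reply.rcode, status(reply), dane_decision(reply).name)
```
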