On 3 Jan 2018, at 1:11, Ray Bellis wrote:

On 02/01/2018 23:37, Paul Hoffman wrote:

This answer doesn't seem to fully address Robert's and Ray's questions.
Why use an A/AAAA query if you aren't going to do anything with the
result? If you are going to use A/AAAA, you have to tell resolvers what
to return in the results. Using a new RRtype would have clearer
semantics.

Actually, that wasn't my question at all.

Sorry for indicating it was. It was also not (directly) Robert's question either. Robert asked "The first is the contents of the A/AAAA RRSET returned, and the second is the TTL for the records", and I took Geoff's lack of answer to mean that he wasn't going to use the result.

Geoff has now said "At the risk of heading waaaay down potentially spurious ratholes here let me quickly explain what I meant. Within the structure of a browser-based scripted test, such as you might find in an online ad script, the common operation within the script is to perform a GET of a URL." I did not realize that draft-ietf-dnsop-kskroll-sentinel was only meant for browser-based tests because there is no indication of this in the draft.

The point I was trying to make (perhaps too obliquely) is that if you
are going to run this experiment from a browser, you'd better make sure
the IP address you return is one that's either under your control or
otherwise "harmless" when the browser subsequently tries to access it.

Fully agree.

Using a new RRTYPE would be futile, since browsers don't know how to
access those.

That is true for the "browser-based scripted test", definitely. If that's the sole motivation for this draft, then we need to stick with A / AAAA records which will be specified in a future version of the draft.

--Paul Hoffman

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
