神明達哉 <jin...@wide.ad.jp> wrote:
>
> Whether we *SHOULD* (rather than MAY) allow the conventional response
> in case of TCP is a different question, on which I don't have a strong
> opinion.
I think at the moment it is mostly harmless and sometimes helpful for
debugging or inspection - e.g. `dig` switches to TCP by default for ANY
queries to avoid confusing users with partial answers, so it makes use of
this SHOULD.
If I look into my crystal ball at a future where resolvers query auth
servers over TLS, then the balance might change. Maybe at that point it'll
be better for resolvers to implement refuse-any rather than relying on
auth servers to do it for them; or maybe it'll be better to do
refuse-any over all transports. Dunno :-)
Tony.
--
f.anthony.n.finch <d...@dotat.at> http://dotat.at/
North Fitzroy: Variable 3 or 4, becoming southerly or southeasterly 5 or 6 in
west. Moderate. Occasional rain in west. Good, occasionally moderate in west.
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
