Hi all, please see below.
> On 14.09.2018 at 13:26, Tony Finch <d...@dotat.at> wrote:
>
> 神明達哉 <jin...@wide.ad.jp> wrote:
>>
>> Whether we *SHOULD* (rather than MAY) allow the conventional response
>> in case of TCP is a different question, on which I don't have a strong
>> opinion.

That's the question I had. Currently the doc only says "A DNS responder MAY behave differently when processing ANY queries received over different transport", which kind of implicitly says refuse-any is always the right default… I was wondering if for the case of TCP a SHOULD would actually be more appropriate.

>
> I think at the moment it is mostly harmless and sometimes helpful for
> debugging or inspection - e.g. `dig` switches to TCP by default for ANY
> queries to avoid confusing users with partial answers, so it makes use of
> this SHOULD.

There is no SHOULD right now...

>
> If I look into my crystal ball at a future where resolvers query auth
> servers over TLS, then the balance might change. Maybe at that point it'll
> be better for resolvers to implement refuse-any rather than relying on
> auth servers to do it for them; or maybe it'll be better to do
> refuse-any over all transports. Dunno :-)

That's also fine. If it is not clear which recommendation should be given for TCP then it does make sense to say anything more than what the doc currently says.

Mirja

>
> Tony.
> --
> f.anthony.n.finch <d...@dotat.at> http://dotat.at/
> North Fitzroy: Variable 3 or 4, becoming southerly or southeasterly 5 or 6 in
> west. Moderate. Occasional rain in west. Good, occasionally moderate in west.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop