Paul,
Minor nit, just to be pedantic.
On 08/07/2019 20.38, Paul Vixie wrote:
REFUSED means, in my reading (and coding) that there is no zone declaration at
the authority. SERVFAIL means the zone is declared/configured, but not loaded.
i now realize that both have to have a holddown timer, not just SERVFAIL.
ServFail means "something bad happened". There are 10 possible reasons
listed in the extended errors draft:
https://datatracker.ietf.org/doc/draft-ietf-dnsop-extended-error/
And there are of course many, many more. So it _could_ be zone is
declared/configured, but not loaded, but not necessarily.
This doesn't change your perfectly correct observation that a hold-down
timer is needed for both Refused and ServFail.
Cheers,
--
Shane
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
