On 02.08.2019 at 16:32, Paul Ebersman wrote:
> ebersman> If what you're arguing for is something that's actually mixed
> ebersman> into the zone data, how do you handle non-compatible/legacy
> ebersman> and avoid leakage?
>
> wpk> non-compatible/legacy servers won't know the RRTypes that are
> wpk> covert - and therefore won't be able to load them from disk.
>
> In a polite/sane implementation, sure. But I have scars from my years at
> ISC tech support dealing with very broken implementations not done by
> the usual FOSS DNS folks. They might fail to load the zone at all, might
> stop loading and serve what they have, only serve what they recognize,
> crash, etc.

They should fail to load the zone, as it will contain RRs that they do not understand. As long as they won't serve covert records to the general public - I don't really care.
Witold

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop