Greetings again. The changes here generally help the document, but they also highlight some of the deficiencies. A few comments on the current draft:
- The spec does not say anything about the kinds of responses where it is allowed to send particular extended error codes. For example, if a response has an RCODE of NOERROR, what does it mean for it to also have a EDE? Or if the RCODE is FORMERR, can it have an EDE that relates to DNSSEC validation failure? The exact semantics for the receiver need to be specified. - In the introduction, it says: This document specifies a mechanism to extend (or annotate) DNS errors to provide additional information about the cause of the error. "extend" and "annotate" have very different meanings. This is the crux of the use of the mechanism, so it needs to be clearer. - In the introduction, it says: These extended error codes are specially useful when received by resolvers, to return to stub resolvers or to downstream resolvers. Authoritative servers MAY parse and use them, but most error codes would make no sense for them. Authoritative servers may need to generate extended error codes though. This is confusing because many authoritative servers also send queries when they are doing AXFR and so on. Instead, I propose: These extended error codes described in this document can be used by any system that sends DNS queries. Different codes are useful in different circumstances, and thus different systems (stub resolvers, recursive resolvers, and authoritative resolvers) might receive and use them. - Sections 3.1 and 3.2 repeat the information at the end of Section 2, and thus should be eliminated. Instead, leave Section 2 as is, and simply include the the first paragraph of Section 3, and then eliminate Section 3 altogether. - There are many places where the document uses flippant language that could confuse readers who don't understand English idioms. Although they are somewhat humorous, these could lead to confusion and should be removed. --Paul Hoffman _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
