Some questions about the intended meanings... 3.6. Extended DNS Error Code 5 - DNSSEC Indeterminate
If I remember correctly, there isn't a consistent definition of what "indeterminate" means. Perhaps it's worth adding a reference to the intended definition. [ actually maybe all the codes could have citations to where the error cases are mentioned in existing specifications, perhaps with a comment that the citations are not intended to be exhausive ] 3.5. Extended DNS Error Code 4 - Forged Answer 3.16. Extended DNS Error Code 15 - Blocked 3.17. Extended DNS Error Code 16 - Censored 3.19. Extended DNS Error Code 18 - Filtered I don't understand the shades of meaning that these are supposed to distinguish. wrt "filtered", the description implies vaguely RPZ flavoured filtering, but it mentions a REFUSED RCODE which isn't what a sensible implementation would use for that purpose, so I am more confused. 3.18. Extended DNS Error Code 17 - Prohibited If I understand correctly, the four above are about the qname whereas this is about the client? The ordering is a bit confusing. 3.21. Extended DNS Error Code 20 - Lame This needs to be split into two: server doesn't know about the zone queried for (typically RCODE=REFUSED), and server knows about the zone but it has expired (typically RCODE=SERVFAIL). Resolvers handling RD=0 queries typically answer from cache or would answer REFUSED/Prohibited, I would have thought. Tony. -- f.anthony.n.finch <d...@dotat.at> http://dotat.at/ Hebrides, Bailey: West, backing south for a time, 4 to 6, increasing 7 to severe gale 9, occasionally storm 10 in Hebrides. Rough or very rough, becoming high or very high. Rain or showers. Good, becoming moderate or poor. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
