On Thu, Apr 23, 2020 at 02:14:26PM -0400, Warren Kumari wrote: > On Thu, Apr 23, 2020 at 5:04 AM Vittorio Bertola > <vittorio.bert...@open-xchange.com> wrote: > > > > > > > > > Il 22/04/2020 19:15 Benjamin Kaduk via Datatracker <nore...@ietf.org> ha > > > scritto: > > > > > > ---------------------------------------------------------------------- > > > DISCUSS: > > > ---------------------------------------------------------------------- > > > > > > Sections 4.16 and 4.17 have some discussion that suggests that the > > > respective extended errors apply only to the current "local hop" of a DNS > > > query, and thus should not be propagated by a resolver/forwarder as part > > > of > > > a response. If so, this would be at odds with the discussion in Section 3 > > > that leaves such bhavior as merely "implementation dependent" (giving some > > > MAY-level options). I'm not sure what the intent is, here, so let's talk > > > about whether there's anything that should change. > > > > Indeed, thinking at the possible use case for those error codes, it would > > make sense for the forwarder to forward them to the final user. Perhaps we > > can fix the language to make this clear? E.g., instead or "the server being > > directly talked to", "the server actually resolving the queries" or > > something like that? > > Hah! Wes and I spent some time yesterday trying to figure out how best > to answer this, and ended up with two ideas: > 1: just remove the "being directly talked to": > "The server is unable to respond to the request because the domain is > blacklisted due to an internal security policy imposed by the operator > of the server being directly talked to." -> "The server is unable to > respond to the request because the domain isblacklisted due to an > internal security policy imposed by the operator of the server" > or 2: some very convoluted text... > > In my view your proposed text is simple, clear, and addresses the issue...
I think it would address my concern as well ... plus all that other stuff :) -Ben _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
