If the SOA was to be added it should be to the authority section per STD13.
RRSIG regularly get added to the additional section. Only referrals don’t have RRSIGs added. -- Mark Andrews > On 29 May 2021, at 06:34, Paul Hoffman <paul.hoff...@icann.org> wrote: > > On May 28, 2021, at 11:30 AM, John Levine <jo...@taugh.com> wrote: >> Bonus question: why is the reply a new EDNS option rather than just adding >> the SOA record to the additional section? If you do that you can add RRSIG >> to show you're telling the truth. > > Because SOA does not now normally appear in the Additional section, and > because the Additional section does not normally have RRSIGs. Proposing a new > EDNS0 option causes much less epistemological grief than extending the > semantics of the Additional section. > > Having said that, I believe that a possible > draft-ietf-dnsop-additional-section-as-kitchen-sink is actually a good idea. > If the WG like it, "SOA of this response" and "signed SOA of this response" > would certainly fit there. > > --Paul Hoffman_______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
