Peter van Dijk wrote:
> I don't think we should be prescribing extra code paths in
> authoritative servers in this document, and I think non-authoritative
> NXDOMAINs would be very confusing. In particular, resolvers would not
> believe them anyway.
>
> That all said, I can certainly see that other texts than my suggestion
> could make sense.

If the goal is to avoid mandating extra code paths in typical authoritative servers, I would suggest something like the following which narrowly answers only the questions asked in 6761 ("Are developers of authoritative domain name servers expected to make their implementations recognize these names as special and treat them differently? If so, how?"):

Original Text
-------------

5. Authoritative DNS Servers: Authoritative servers MUST respond to queries for .onion with NXDOMAIN.

Corrected Text
--------------

5. Authoritative DNS Servers: Authoritative servers SHOULD NOT recognize .onion names as special and MUST NOT treat queries for .onion names differently from other queries.

Splitting the "recognize ... treat" conjunction between "SHOULD NOT" and "MUST NOT" would, for instance, allow an authoritative server to log a warning message if an operator intentionally configured an "onion." zone in the server.

A slight expansion of the text might read:

Corrected Text
--------------

5. Authoritative DNS Servers: Authoritative servers SHOULD NOT recognize .onion names as special and MUST NOT treat queries for .onion names differently from other queries. By default, authoritative servers MUST NOT respond authoritatively to queries for .onion names.

The "By default" qualifier covers the case of a non-default configuration (such as being configured to serve the root zone) where an authoritative server would need to respond authoritatively for .onion names.

-- 
Robert Edmonds

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop