On Mon, Mar 04, 2024 at 02:15:55PM -0800, internet-dra...@ietf.org <internet-dra...@ietf.org> wrote a message of 48 lines which said:
> Internet-Draft draft-ietf-dnsop-compact-denial-of-existence-03.txt is now
> available. It is a work item of the Domain Name System Operations (DNSOP) WG
> of the IETF.

I just implemented it at the IETF 119 hackathon in Brisbane (programming details at the end), on an authoritative-only server. I think I have done everything that's in the draft, including the EDNS signaling (new flag CO).

This was quite simple and the draft is enough to guide the implementor. I find the draft clear and useful.

Among the questions raised:

* is there an EDE which is recommended when replying to an explicit request for a meta-type (like QTYPE=NXNAME)? The draft says to set the rcode to FormErr but does not discuss EDE.

* the draft does not discuss the consequences of compact denial for synthesis of negative answers by a resolver (RFC 8020 and 8198).

* [this one is outside the scope of the draft] Is it reasonable/legitimate to reply NODATA for a non-existing name when the client did not set the DO flag, or even when it did not use EDNS?

Programming details: the change was made on the Drink authoritative dynamic server <https://framagit.org/bortzmeyer/drink/>. Since Drink only has dynamic signing, it implemented the white lies of RFC 4470. Adding compact denial was mostly removing code since, for the authoritative name server, compact denial is simpler than white lies. But it challenged some assumptions in the code (for instance that the rcode, once set, is not changed during processing of the request) and, in the case of Drink, required changes in several places. The code is in the branch compact-denial <https://framagit.org/bortzmeyer/drink/-/tree/compact-denial?ref_type=heads>.
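
The response decision the message above describes, as an added example (not Drink's code and not part of the original message): a model of how an authoritative server picks the rcode and the NSEC type bitmap under compact denial, including the late rcode change when CO is set. It covers queries with DO set only; the zone, the function names `deny` and `type_bitmap`, and the dictionary layout are assumptions, and NXNAME uses type code 128 from the IANA registry.

```python
# Added illustration: response decision for compact denial of existence.
# Models DO=1 queries only; the zone and all names here are constructed.
RCODE = {"NOERROR": 0, "FORMERR": 1, "NXDOMAIN": 3}
TYPES = {"A": 1, "TXT": 16, "AAAA": 28, "RRSIG": 46, "NSEC": 47, "NXNAME": 128}

ZONE = {  # constructed sample zone: owner name -> types present
    "example.test.": {"A", "TXT"},
}

def type_bitmap(types):
    """Encode an NSEC type bitmap (RFC 4034 section 4.1.2)."""
    windows = {}
    for code in sorted(TYPES[t] for t in types):
        block = windows.setdefault(code >> 8, bytearray(32))
        low = code & 0xFF
        block[low // 8] |= 0x80 >> (low % 8)
    out = b""
    for win, block in sorted(windows.items()):
        used = bytes(block).rstrip(b"\x00")   # drop trailing empty octets
        out += bytes([win, len(used)]) + used
    return out

def deny(qname, qtype, co=False):
    """Return (rcode, nsec) for a signed query; nsec is None when no proof applies."""
    if qtype == "NXNAME":
        # A meta-type cannot be asked for explicitly: FormErr, no NSEC.
        return RCODE["FORMERR"], None
    present = ZONE.get(qname)
    if present is not None and qtype in present:
        return RCODE["NOERROR"], None          # positive answer, not a denial
    rcode = RCODE["NOERROR"]                   # provisional: NODATA shape
    if present is None:
        types = {"NSEC", "RRSIG", "NXNAME"}    # the name does not exist
        if co:
            rcode = RCODE["NXDOMAIN"]          # rcode revised late in processing
    else:
        types = present | {"NSEC", "RRSIG"}    # ordinary NODATA
    nsec = {"owner": qname, "next": "\\000." + qname,
            "types": sorted(types, key=TYPES.get), "bitmap": type_bitmap(types)}
    return rcode, nsec
```

The NSEC record is the same with and without CO; only the rcode differs, and the NXNAME bit lengthens the window-0 bitmap to 17 octets.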