On Sun, 17 Mar 2024, Shumon Huque wrote:
The draft allows (but does not proscribe) NXDOMAIN to be inserted into the Rcode for non DNSSEC enabled responses. I guess the main reason for not being proscriptive was what I mentioned - there were deployments in the field that didn't. ...
You're certainly right that there is software that sends NXDOMAIN when NODATA would be appropriate or vice versa. (rbldnsd which is widely used in dnsbls has been a notable example which I think is now mostly fixed, due to giving wrong answers to minimized queries.) But I think we're agreeing that it's better to confirm this is bad practice and encourage software to conform than to add yet another hump on the camel.
R's, John _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
