On Tue, Jun 18, 2024 at 2:01 PM Wessels, Duane <dwessels= 40verisign....@dmarc.ietf.org> wrote:
> > > > On Jun 18, 2024, at 10:49 AM, Paul Hoffman <paul.hoff...@icann.org> > wrote: > > > > Responding to one bit of Duane's response. > > > > On Jun 18, 2024, at 10:40, Wessels, Duane <dwessels= > 40verisign....@dmarc.ietf.org> wrote: > > > >>> What should an authoritative nameserver return as zone version if it is > >>> configured as authoritative nameserver but can't get the zone version > (eg > >>> because "no permission to read file") One way would be to allow it to > return > >>> a zero length for ANY type and define that as an error condition. > >> > >> I think the authors will need to discuss how to handle error conditions > like this > >> and get back to you. > > > > PaulW's DISCUSS on this topic doesn't make sense. If a server is > authoritative for a zone, it has know the version of the zone: the zone is > incomplete without its version. If the server doesn't know the version, it > should not be answering any queries for that zone at all. > I gave a bad example. Image a database backend, but the backend is temporarily down. It will return ServFail but what would you put into the zone version? > > Yes, perhaps. The one example I could think of is if the server was > configured to be authoritative for a zone, but is unable to load the zone > data either via network or disk. > > A server could just omit any zone version in this (rare?) case. The only > reason to do something other than that would be for the server to indicate > it supports zone versioning but not at that moment for that zone. > I guess either omit or a zero length zone version would work for me. Paul
_______________________________________________ DNSOP mailing list -- dnsop@ietf.org To unsubscribe send an email to dnsop-le...@ietf.org