If the zone is not loaded you don’t have a zone version. Retuning an empty zone version just looks you have a broken EDNS implementation. It doesn’t provide real information.
-- Mark Andrews > On 19 Jun 2024, at 05:25, Paul Wouters > <paul.wouters=40aiven...@dmarc.ietf.org> wrote: > > > >> On Tue, Jun 18, 2024 at 2:01 PM Wessels, Duane >> <dwessels=40verisign....@dmarc.ietf.org> wrote: >> >> >> > On Jun 18, 2024, at 10:49 AM, Paul Hoffman <paul.hoff...@icann.org> wrote: >> > >> > Responding to one bit of Duane's response. >> > >> > On Jun 18, 2024, at 10:40, Wessels, Duane >> > <dwessels=40verisign....@dmarc.ietf.org> wrote: >> > >> >>> What should an authoritative nameserver return as zone version if it is >> >>> configured as authoritative nameserver but can't get the zone version (eg >> >>> because "no permission to read file") One way would be to allow it to >> >>> return >> >>> a zero length for ANY type and define that as an error condition. >> >> >> >> I think the authors will need to discuss how to handle error conditions >> >> like this >> >> and get back to you. >> > >> > PaulW's DISCUSS on this topic doesn't make sense. If a server is >> > authoritative for a zone, it has know the version of the zone: the zone is >> > incomplete without its version. If the server doesn't know the version, it >> > should not be answering any queries for that zone at all. > > I gave a bad example. Image a database backend, but the backend is > temporarily down. It will return ServFail but what would you put into the > zone version? > >> >> Yes, perhaps. The one example I could think of is if the server was >> configured to be authoritative for a zone, but is unable to load the zone >> data either via network or disk. >> >> A server could just omit any zone version in this (rare?) case. The only >> reason to do something other than that would be for the server to indicate >> it supports zone versioning but not at that moment for that zone. > > I guess either omit or a zero length zone version would work for me. > > Paul > _______________________________________________ > DNSOP mailing list -- dnsop@ietf.org > To unsubscribe send an email to dnsop-le...@ietf.org
_______________________________________________ DNSOP mailing list -- dnsop@ietf.org To unsubscribe send an email to dnsop-le...@ietf.org
