On Fri, 4 Oct 2024, Vladimír Čunát wrote:
>> special handling" should say that resolvers MUST implement the response code
>> restoration in 4.1 unless the client sends the EDNS0 Compact Answers OK
>> option.
>
> You can't restore the RCODE by default. This topic is repeating. Such
> answers must not pass DNSSEC validation, as I understand it (for those that
> don't implement this draft). Backwards compatibility unfortunately
> complicates all this.

Urrgh, you're right. So the only backward compatible way to do this is
to only send NXNAME if everyone down the chain has set the bit to say they
understand what it means.
I suppose we could cheat slightly and say it's OK to restore NXDOMAIN to
clients that don't ask for DNSSEC but that doesn't seem like a great
direction to go.
Regards,
John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly