On Sat, Nov 14, 2015 at 05:32:41PM +1100, Mark Andrews wrote: > In message <20151114044614.ga4...@hezmatt.org>, Matt Palmer writes: > > On Fri, Nov 13, 2015 at 10:51:52AM +0100, Bj�rn Mork wrote: > > > So what do we do? We currently point the blocked domains to addresses of > > > a web server with a short explanation. But what if the domains were > > > signed? We could let validating servers return SERVFAIL. But I'd > > > really prefer avoiding that for the simple reason that there is no way > > > to distinguish that SERVFAIL from one caused by e.g. a domain owner > > > configuration error. > > > > Perhaps we need to expand RCODE to be the full octet, and indicate "blocked > > for legal reasons" with RCODE value 25. > > Rcode's were expanded to 12 bits back in 1999. See RFC 2671.
I didn't feel it was worth looking beyond RFC1035 for an off-the-cuff joke. - Matt
