Re: [DNSOP] About draft-ietf-dnsop-extended-error

2017-11-21 Thread Stephane Bortzmeyer
On Tue, Nov 14, 2017 at 08:47:25AM +, Viktor Dukhovni wrote a message of 27 lines which said: > > RCODE: SUCCESS (NODATA) > > Extended code: ERRBLACKLIST > > Explanation: "Client blacklisted for IPv6 queries" > > Well, once we're in the "lying with DNS" business, we hardly need > to restr

Re: [DNSOP] About draft-ietf-dnsop-extended-error

2017-11-14 Thread Paul Vixie
Joe Abley wrote: ... I don't think it's sensible to say absolutely that there will never be a need to disambiguate NXDOMAIN or NOERROR since never is an awfully long time, and who knows or dares to dream? that outcome depends on scope. if you imagine a protocol speaker behaving differently

Re: [DNSOP] About draft-ietf-dnsop-extended-error

2017-11-14 Thread Joe Abley
On Nov 14, 2017, at 16:47, Viktor Dukhovni wrote: Well, once we're in the "lying with DNS" business, we hardly need to restrict extended diagnostics to errors, we can equally contemplate them for policy-based answers that don't reflect the authoritative zone content... :-8 You make it sound li

Re: [DNSOP] About draft-ietf-dnsop-extended-error

2017-11-14 Thread Viktor Dukhovni
On Tue, Nov 14, 2017 at 07:56:00AM +, Shane Kerr wrote: > > And indeed unlike actual errors, there is nothing one could possibly > > add in the form extended "error" diagnostics when returning a NODATA > > or NXDomain response, these non-error conditions don't require any > > additional contex

Re: [DNSOP] About draft-ietf-dnsop-extended-error

2017-11-13 Thread Shane Kerr
Viktor, Viktor Dukhovni: > On Mon, Nov 13, 2017 at 06:02:11PM -0800, Wes Hardaker wrote: > >> Tony Finch writes: >> It can be argued that NODATA (pseudo rcode, I know) is an "error" as well as NXDOMAIN... >>> >>> Or, neither of them are errors :-) >> >> We'll remove the restriction in

Re: [DNSOP] About draft-ietf-dnsop-extended-error

2017-11-13 Thread Viktor Dukhovni
On Mon, Nov 13, 2017 at 06:02:11PM -0800, Wes Hardaker wrote: > Tony Finch writes: > > >> It can be argued that NODATA (pseudo rcode, I know) is an "error" as > >> well as NXDOMAIN... > > > > Or, neither of them are errors :-) > > We'll remove the restriction in any wording that says it can onl

Re: [DNSOP] About draft-ietf-dnsop-extended-error

2017-11-13 Thread Wes Hardaker
Tony Finch writes: > Stephane Bortzmeyer wrote: >> >> > It can be included in any error response (SERVFAIL, NXDOMAIN, >> > REFUSED, etc) >> >> It can be argued that NODATA (pseudo rcode, I know) is an "error" as >> well as NXDOMAIN... > > Or, neither of them are errors :-) We'll remove the rest

Re: [DNSOP] About draft-ietf-dnsop-extended-error

2017-11-13 Thread Tony Finch
Stephane Bortzmeyer wrote: > > > It can be included in any error response (SERVFAIL, NXDOMAIN, > > REFUSED, etc) > > It can be argued that NODATA (pseudo rcode, I know) is an "error" as > well as NXDOMAIN... Or, neither of them are errors :-) Tony. -- f.anthony.n.finchhttp://dotat.at/ - I

[DNSOP] About draft-ietf-dnsop-extended-error

2017-11-11 Thread Stephane Bortzmeyer
[About -00] Excellent idea, I strongly support the project. I intend to use it to register 451 for DNS censorship , following RFC 7725. (I'm serious.) > This document discusses extended *errors*, but