Paul Vixie writes: > so, answering REFUSED when authoritative-only and receiving RD=1, and > answering REFUSED when recursive-only and receiving RD=0, and treating > AA=0 as "lame" when doing recursion, all lead to a choppy present but a > smoother future.
The third one seems distinctly different to me than the first two. How do changing those behaviours to a better future? In the first, RD=1 is merely useless so there's really no reason to be a busy-body about it. In the second, RD=0 is a reasonable way to query the state of the cache without changing it, and one I have personally found use for in my own debugging. Both of them are standards-reasonable ways to In the last, AA=0 is a clear standards-noncompliant signalling failure for which it is entirely appropriate to treat the responder as lame. (OTOH, if the data can be DNSSEC-validated, hey then whatever, AA was just redundant -- the data was authoritative even if the responder wasn't.) _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
