On 2020-04-06 at 12:19 -0400, Dave Lawrence wrote:
> Matthew Richardson writes:
> > However, is this going to cause any practical problems?
>
> Even outside DNSSEC, where it absolutely would be a problem, there are
> some contexts for specialty applications where the difference between
> the two types of negative answers is meaningful. The examples I can
> think of off the top of my head are proprietary, but the general idea
> should hold: if two things have semantically different meanings,
> people somewhere are making use of the distinction.

I have seen the opposite problem from the OP's: servers returning NXDOMAIN when there are actually child records, and they should have returned NODATA, such as querying _domainkeys.

Returning NODATA instead of NXDOMAIN would seem mostly to be an inefficiency, but section 4 of RFC 8020 documents how returning NXDOMAIN can mitigate some random QNAME attacks.

1- https://tools.ietf.org/html/rfc8020#section-4

_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
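The NODATA/NXDOMAIN distinction discussed in this thread, as an added example that is not part of the original messages: an authoritative-side classifier that treats empty non-terminals as NODATA, and a resolver-side negative cache applying the RFC 8020 rule that an NXDOMAIN covers everything below the name. The zone contents, the `_domainkey` label and all function names are constructed for illustration; wildcards, CNAMEs and delegations are left out.

```python
# Added example; zone contents are constructed, not from the original post.
ZONE = {
    "example.com.": {"SOA", "NS", "MX"},
    "www.example.com.": {"A"},
    "selector1._domainkey.example.com.": {"TXT"},
}

def labels(name):
    """Split a domain name into lowercase labels, ignoring the trailing dot."""
    return name.lower().rstrip(".").split(".")

def classify(zone, qname, qtype):
    """Authoritative answer class for an in-zone qname: ANSWER, NODATA or NXDOMAIN.
    Simplification: no wildcards, CNAMEs or delegations."""
    q = labels(qname)
    types, has_descendant = set(), False
    for owner, rrtypes in zone.items():
        o = labels(owner)
        if o == q:
            types |= rrtypes
        elif len(o) > len(q) and o[-len(q):] == q:
            has_descendant = True  # qname is an ancestor of an existing name
    if qtype in types:
        return "ANSWER"
    # An empty non-terminal owns no records but still exists: NODATA, not NXDOMAIN.
    return "NODATA" if types or has_descendant else "NXDOMAIN"

class NegativeCache:
    """Resolver-side cache applying the RFC 8020 rule that NXDOMAIN covers the subtree."""
    def __init__(self):
        self.nx = set()

    def store(self, qname, rcode):
        if rcode == "NXDOMAIN":
            self.nx.add(tuple(labels(qname)))

    def covered(self, qname):
        q = labels(qname)
        # Check the name itself and every ancestor against cached NXDOMAINs.
        return any(tuple(q[i:]) in self.nx for i in range(len(q)))

def resolve(cache, zone, qname, qtype):
    """Answer from the negative cache if possible, else ask the (simulated) authority."""
    if cache.covered(qname):
        return "NXDOMAIN", "cache"
    rcode = classify(zone, qname, qtype)
    cache.store(qname, rcode)
    return rcode, "authoritative"
```

A correct NXDOMAIN lets the resolver absorb later queries under that name without contacting the authority, while an NXDOMAIN wrongly returned for an empty non-terminal makes the existing records beneath it unreachable through that cache.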
