On 2023-07-03 11:02 UTC, Paul Hoffman <paul.hoff...@icann.org> wrote: > On Jul 3, 2023, at 11:19 AM, Peter van Dijk <peter.van.d...@powerdns.com> > wrote: >> >> On Mon, 2023-07-03 at 10:50 +0200, Peter van Dijk wrote: >>> On Fri, 2023-06-30 at 16:32 +0000, Paul Hoffman via dnsdir wrote: >>>> The current wording at the end of 4.6.9 is: >>>> But if `R` is unsuccessful (e.g. timeout or connection closed): >>>> >>>> I believe that changing that to the following would fix the problem you >>>> describe: >>>> But if `R` is unsuccessful (RCODE other than 0, timeout, connection >>>> closed): >>>> >>>> Does that fix your case and not break other cases? >>> >>> You need to allow, at a minimum, RCODE 3 (NXDomain) too. >> >> After a poke from Paul, a clearer version: both RCODE 0 and RCODE 3 can >> be good responses from an auth. > > That's a good point. So, my suggested change becomes: > >> The current wording at the end of 4.6.9 is: >> But if `R` is unsuccessful (e.g. timeout or connection closed): >> >> I believe that changing that to the following would fix the problem you >> describe: >> But if `R` is unsuccessful (RCODE other than 0 or 3, timeout, connection >> closed): >>
yes, that will probably work. > > I'll make that change soon unless someone points out other problems with it. > > --Paul Hoffman > > _______________________________________________ > dns-privacy mailing list > dns-privacy@ietf.org > https://www.ietf.org/mailman/listinfo/dns-privacy -- In my defence, I have been left unsupervised. _______________________________________________ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy