On Fri, 6 Mar 2015, Paul Vixie wrote:
> Paul Wouters wrote:
>> On Fri, 6 Mar 2015, Evan Hunt wrote:
>>> (As an aside: I've often wondered why the DNS doesn't have *more*
>>> meta-query types, less extensive than ANY, such as a single type
>>> covering A and AAAA.
>
> nothing prevents a server from answering A with AAAA as additional data,
> or answering AAAA with A as additional data. there can be no delegation
> point between rrtypes at a single node, so poisoning isn't to be feared.
> the RRSIGs for additional data can be included just as when A/AAAA
> additional data is included with MX, SRV, or NS. i'd like to see this
> done. it would not require an internet-draft, or if one existed, it
> would be an FYI, not an STD.
At the time, I was more thinking of an EDNS option with an NSEC3-style bitmap to specify which RRTYPEs you are interested in. Those would have to include the proof that something does not exist. It gets trickier if you want to support asking for "IPSECKEY and TLSA record for www.nohats.ca" and map that to the proper _443._tcp.www.nohats.ca. for TLSA and its NSEC3 records.

People were pretty fast to say "just send multiple queries at once". And that is kind of true, and exactly what is now done with A / AAAA. But it would be better to get one query reply so you can make an informed decision instead of either waiting for the 2nd query or doing v4 when you could have done v6 if you had waited on the second query reply.

The problem with specifying this without a new EDNS option is that you don't know the difference between old software or a missing A/AAAA record - you just know it was not in the reply. So software will still use two queries. It's fixable, but the migration path will take years while we don't have a good DNS library to do this work in that everyone will then use.

Paul

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
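The "NSEC3-style bitmap" Paul Wouters describes is the Type Bit Maps field of RFC 4034 section 4.1.2 (reused unchanged by NSEC3 in RFC 5155): a sequence of window blocks, each holding a window number, a length, and up to 32 octets of bits, one bit per RR type. The Python below is an added illustration, not code from the thread or from any DNS implementation: it encodes such a bitmap for a hypothetical "types wanted" EDNS option (no option code has been assigned; the option body is an assumption), decodes the bitmap of an NSEC record in the reply, and reports which of the wanted types that record proves absent. The sample NSEC bitmap for www.nohats.ca is constructed. It does not do NSEC3 owner-name hashing, which is exactly the part the post calls tricky for the _443._tcp TLSA case.

```python
"""Type Bit Maps (RFC 4034 s4.1.2) for a hypothetical 'types wanted' EDNS option.

Added example for the DNSOP thread above; not from the thread or any resolver.
"""

# A few RR type codes from the IANA registry.
RRTYPE = {"A": 1, "NS": 2, "MX": 15, "AAAA": 28, "IPSECKEY": 45,
          "RRSIG": 46, "NSEC": 47, "TLSA": 52}


def encode_type_bitmap(types):
    """Wire-format window blocks for a set of RR type codes.

    Each block is: window number (high octet of the type), bitmap length
    (1..32), bitmap. Bit 0 of the first octet is type window*256+0.
    Trailing zero octets are dropped and empty windows are not emitted.
    """
    out = bytearray()
    for window in sorted({t >> 8 for t in types}):
        bitmap = bytearray(32)
        for t in types:
            if t >> 8 == window:
                low = t & 0xFF
                bitmap[low >> 3] |= 0x80 >> (low & 7)
        while bitmap and bitmap[-1] == 0:
            bitmap.pop()
        if bitmap:
            out += bytes((window, len(bitmap))) + bitmap
    return bytes(out)


def decode_type_bitmap(data):
    """Parse wire-format window blocks into a sorted list of type codes.

    Raises ValueError on a truncated block or an out-of-range length, so a
    malformed record is rejected instead of silently read as 'no types'.
    """
    types = []
    i = 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated window block header")
        window, length = data[i], data[i + 1]
        if not 1 <= length <= 32:
            raise ValueError("bitmap length %d out of range 1..32" % length)
        bitmap = data[i + 2:i + 2 + length]
        if len(bitmap) != length:
            raise ValueError("truncated bitmap")
        for octet_index, octet in enumerate(bitmap):
            for bit in range(8):
                if octet & (0x80 >> bit):
                    types.append((window << 8) | (octet_index << 3) | bit)
        i += 2 + length
    return sorted(types)


def wanted_types_option_body(names):
    """Body of the hypothetical 'types wanted' EDNS option: just a type bitmap.

    Assumption for this example; no such option code exists in the registry.
    """
    return encode_type_bitmap({RRTYPE[n] for n in names})


def denied_types(wanted, nsec_type_bitmap):
    """Wanted types that an NSEC/NSEC3 record proves absent.

    Caller must already have validated the RRSIG and checked that the record's
    owner name (or hashed owner name, for NSEC3) is the name that was queried;
    a bitmap from some other name proves nothing about this one.
    """
    present = set(decode_type_bitmap(nsec_type_bitmap))
    return sorted(t for t in wanted if t not in present)


# Constructed sample: an NSEC at www.nohats.ca listing A AAAA RRSIG NSEC.
SAMPLE_NSEC_BITMAP = encode_type_bitmap({1, 28, 46, 47})
# -> 00 06 40 00 00 08 00 03 (window 0, six octets)

if __name__ == "__main__":
    wanted = {RRTYPE[n] for n in ("A", "AAAA", "IPSECKEY", "TLSA")}
    print("option body:", wanted_types_option_body(("A", "AAAA", "IPSECKEY", "TLSA")).hex())
    print("NSEC says present:", decode_type_bitmap(SAMPLE_NSEC_BITMAP))
    print("proven absent of wanted:", denied_types(wanted, SAMPLE_NSEC_BITMAP))
```

The decoder also parses the worked example in RFC 4034 section 4.1.3 (types A MX RRSIG NSEC TYPE1234), which exercises the multi-window case: TYPE1234 lands in window 4 as the last bit of a 27-octet bitmap.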
