>> Unless, of course, the target doesn't like you and refuses your
>> queries for policy reasons.
>
>Note that I said "unconditionally refusing all NS queries". Conditionally
>refusing queries based on query source behaviour is off-topic.
Perhaps the target doesn't like anyone. Here's the entire discussion
of "refused" from RFC 1034, for the benefit of people who haven't read
it lately:

    5    Refused - The name server refuses to
         perform the specified operation for
         policy reasons. For example, a name
         server may not wish to provide the
         information to the particular requester,
         or a name server may not wish to perform
         a particular operation (e.g., zone
         transfer) for particular data.

(It really is the entire discussion, the word "refused" appears
nowhere else.)

>The section in question of the draft under discussion talks about the
>specific case where a load balancer is returning REFUSED because it
>did not implement NS queries, ...
We know what the draft says. That case sure sounds to me like it does
"not wish to perform a particular operation for particular data",
where the operation is a query and the data is NS records. Yeah, it's
generally a bad idea, but so what?
If anyone thinks this isn't a valid use of refused, a citation to the
RFC that updates this part of RFC 1035 would be a good place to start.
R's,
John
_______________________________________________
DNSOP mailing list
https://www.ietf.org/mailman/listinfo/dnsop