On 22 Jan 2016, at 14:44, Wessels, Duane wrote:
I think I'm okay with "resolvers SHOULD send DO when priming." Seems like BIND and Unbound already do this.
Noted. Waiting to hear from a bunch more people on this.
Do we also need to say that the resolver SHOULD/MUST retry with DO=0 if there is no response to the first priming query?
Personal opinion: yes for SHOULD, but we need to integrate it with the earlier text about going to a different server if you don't get a response within 2 seconds.
The more important question may be: what shall the resolver do if validation of the priming response fails? I'm skeptical that we, as a group, will be willing to say that the resolver should refuse to forward any queries to a root unless validation succeeds.
Personal opinion: agree. We can say that it is local policy. One possible policy is to keep trying other hints until one response validates.
--Paul Hoffman _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
