I know the IESG has already approved it, but I've noticed yet another (possibly) confusing point in draft-ietf-dnsop-edns-client-subnet-07. Hopefully it can be addressed as a minor clarification in the AUTH48 stage, so I'm raising it.
Section 7.5 of the draft states:

    If an Intermediate Nameserver receives a query with SOURCE
    PREFIX-LENGTH set to 0 it MUST forward the query as-is and MUST NOT
    replace it with more accurate address information.

On the other hand, Section 7.1.2 states regarding the same case:

    A SOURCE PREFIX-LENGTH of 0 means the Recursive Resolver MUST NOT
    add address information of the client to its queries. The
    subsequent Recursive Resolver query to the Authoritative Nameserver
    will then either not include an ECS option or MAY optionally
    include its own address information, which is what the
    Authoritative Nameserver will almost certainly use to generate any
    Tailored Response in lieu of an option.

These two seem to suggest different behaviors. On re-reading it, I found 'forwarded unchanged' or 'as-is' in Section 7.5 not very clear (especially because it's seemingly different from what is described in 7.1.2), but I first thought this means the forwarding resolver keeps the same ECS option (whose source plen is 0) in the query it sends out. Is that the actual intent of the authors? If so, it's almost impossible for me to interpret Section 7.1.2 that way.

And, whichever is the authors' intended behavior, I believe these sections should be revised so they will be consistent.

--
JINMEI, Tatuya
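The two readings contrasted in the message above, as an added example that is not part of the original post or of the draft: it encodes a SOURCE PREFIX-LENGTH 0 option and shows what each reading sends upstream. The function names, the resolver address 192.0.2.53 and the /24 truncation of the resolver's own address are assumptions made for illustration.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8  # EDNS0 option code for edns-client-subnet

def build_ecs(family, source_plen, scope_plen, address=b""):
    """Encode OPTION-CODE, OPTION-LENGTH, FAMILY, SOURCE/SCOPE PREFIX-LENGTH, ADDRESS."""
    body = struct.pack("!HBB", family, source_plen, scope_plen) + address
    return struct.pack("!HH", ECS_OPTION_CODE, len(body)) + body

def parse_ecs(option):
    """Return (family, source_plen, scope_plen, address) or raise ValueError."""
    if len(option) < 8:
        raise ValueError("ECS option too short")
    code, length = struct.unpack("!HH", option[:4])
    if code != ECS_OPTION_CODE or length != len(option) - 4:
        raise ValueError("not a well-formed ECS option")
    family, source_plen, scope_plen = struct.unpack("!HBB", option[4:8])
    return family, source_plen, scope_plen, option[8:]

def _require_plen_zero(option):
    if parse_ecs(option)[1] != 0:
        raise ValueError("only the SOURCE PREFIX-LENGTH 0 case is modelled here")

def forward_per_7_5(option):
    """Section 7.5 as read in the message: the same option goes upstream unchanged."""
    _require_plen_zero(option)
    return option

def forward_per_7_1_2(option, own_addr=None, own_plen=24):
    """Section 7.1.2: no client address; send no ECS option, or the resolver's own."""
    _require_plen_zero(option)
    if own_addr is None:
        return None  # upstream query carries no ECS option at all
    net = ipaddress.ip_network(f"{own_addr}/{own_plen}", strict=False)
    family = 1 if net.version == 4 else 2  # 1 = IPv4, 2 = IPv6
    prefix = net.network_address.packed[: (own_plen + 7) // 8]
    return build_ecs(family, own_plen, 0, prefix)

# Constructed sample: the option a client sends to opt out (SOURCE PREFIX-LENGTH 0).
CLIENT_OPT_OUT = build_ecs(1, 0, 0)

if __name__ == "__main__":
    for label, out in [("7.5", forward_per_7_5(CLIENT_OPT_OUT)),
                       ("7.1.2 omit", forward_per_7_1_2(CLIENT_OPT_OUT)),
                       ("7.1.2 own", forward_per_7_1_2(CLIENT_OPT_OUT, "192.0.2.53"))]:
        print(label, out.hex() if out is not None else "no ECS option")
```

Only the Section 7.5 reading keeps the prefix-length-0 marker visible to the next hop; under the Section 7.1.2 reading the upstream server sees either no option or the resolver's own prefix.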
