On 26.7.2017 12:56, Tony Finch wrote: > Joe Abley <jab...@hopcount.ca> wrote: >> >> If anybody else here has thoughts about specific text or violent >> objections to including QTYPE=RRSIG in general, please let me know (I >> looked in the mail archive but couldn't find any there). > > I think it's helpful to mention RRSIG explicitly since it isn't > immediately obvious that it's a stealth ANY query. (It becomes > apparent to implementers fairly rapidly tho!) > >> As we discuss (see Stephane's points) in the case of multiple >> transports, perhaps we can also recommend that implementors provide >> configuration options to allow administrators to deal with ANY, RRSIG, >> neither or both. That way we get flexibility that matches deployment, >> but we also get a reference for handling RRSIG in a predictable way. > > I think the draft should recommend a simple on/off switch and describe > sensible behaviour when it is on. Mainly because I think we know what > that sensible behaviour is, and I don't think it's a big enough feature > to deserve a lot of configuration and documentation complexity.
I agree with Tony that we know what that sensible behaviour is so, with my implementor hat on, I would be perfectly happy with implementation-specific behavior with no knobs at all. If you don't like it, feel free to pick another implementation. Petr Špaček @ CZ.NIC > > Having said that, the initiator side (section 5) needs a bit of work. > Something like, > > ANY queries SHOULD be sent using the same choice of transport as other > queries (typically, try UDP first, and only use TCP if the response is > truncated). As an exception, debugging and diagnostics tools MAY have > a special case for ANY queries. > > (bleeding-edge versions of `dig` use TCP for ANY) > > Tony. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop