Hi,

On Mon, Nov 13, 2017 at 08:14:14AM -0800, Paul Vixie wrote:
> > If I ask the authoritative server for example.com about a name
> > label.example.net, in a graph-theoretic sense the NS RRset for the
> > root zone is clearly closer to label.example.net than anything else I
> > can give.
>
> dns is not that kind of graph.
>
> if the qname is acetes.pa.dec.com and the query is being processed by the
> dec.com authority server who knows that pa.dec.com is a delegation, then
> pa.dec.com is closer to acetes.pa.dec.com than the root would be.

Obviously. But your example is still on the current tree, just not immediately below. The example I gave is in a completely different section of the tree, and my point is that none of the text you quoted shows why "." isn't the "closer server" that an authoritative server somewhere beneath com. can give in response to a qname that is somewhere beneath net.

We might think today that is a misfeature in STD13, but I don't think it's a misinterpretation of what STD13 says. I don't know what kind of graph would make that false.

> as i wrote during the SOPA wars, REFUSED has been widely used as an
> administrative denial, and repurposing it would not be effective at this
> late date.

This, too, seems to be a claim that is at best poorly justified. It might be that it is how BIND interprets the RCODE, but it's not what it is defined to be. I'm anyway not sure your description in the circleid piece (or elsewhere) is inconsistent with the RFC 1035 definition of RCODE 5: "The name server refuses to perform the specified operation for policy reasons." Refusing to respond to this or that IP address is a policy, and refusing to perform upward referrals is also a policy, no?

Best regards,

A

--
Andrew Sullivan
a...@anvilwalrusden.com