It's an error in the specification. ----- Original Message ----- From: Mukund Sivaraman <[email protected]> Sent: 2018-12-06 - 15:45 To: [email protected] Subject: [DNSOP] RFC 2136 pre-requisite checks before client authorization checks
> Hi all > > Does anyone know why RFC 2136 sequences pre-requisite checks (section > 3.2) to be performed before client permission checks (section 3.3)? It > seems weird to sequence them in this way, especially as it is cheaper to > perform client IP address checks (and some zone permission checks) > earlier in order. > > Section 3.3.2 talks about why the client permissions check is in that > position previous to subsequent actions, but not why it can't be > performed earlier. > > Mukund > > _______________________________________________ > DNSOP mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dnsop _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
