> On Sep 12, 2019, at 12:42 PM, Vittorio Bertola
> <[email protected]> wrote:
>
> But isn't the foremost motivation of this document to allow the client to
> tell between SERVFAIL due to DNSSEC validation failure and SERVFAIL due to
> resolver issues, and try another resolver in the latter case but not in the
> former?
That's the crux of the matter and, in short, *no*, that's not (or should
not be) the motivation.
SERVFAIL means, and will continue to mean, I can't help you, better luck next
time (or elsewhere).
The new EDEs are *diagnostic* detail to aid in troubleshoots, but do not
override RCODEs. They are not a more fine-grained RCODE one might "act on".
If we want more fine-grained *actionable* codes, there's plenty of room for
more values in the 12-bit EDNS RCODE.
[ I chatted off-list with Wes, the above appears to match his take, with a bit
luck also rough WG consensus... ]
--
Viktor.
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
