Section 1 ends with "Receivers MUST NOT change the processing of RCODEs in
messages based on extended error codes" but it is not fully clear what that
statement means in the light of the description in the beginning of the same
section where the motivation for extended error codes is that the resolver
cannot know what specific error is behind, e.g., REFUSED and therefore does
not know what the best next step is.

Both section 3.18 (filtered) and section 3.19 (prohibited) have code 17. In the
registry table (4.2) it is code 17 and 18, respectively.

Both 3.14 (Cached error) and 3.20 (Stale NXDOMAIN answer) report that the
RCODE returned was taken from cache. In 3.20 it is described in detail what
the resolver has done before the answer is returned, whereas in 3.14 there are
no details at all.

3.14 needs more specification of when to use cached SERVFAIL.

I think that the last sentence in 3.20 ("This is typically caused [...] result
of a DoS attack against another network") does not belong in a standard
document.

In 3.22 it would be better to say that the operation or query is not supported
("Not supported"). As the text is now, it is unclear by whom it is deprecated.

I suggest that the sentence "This may occur because its most recent zone is too
old, or has expired, for example" be removed from 3.25 since there could be
multiple reasons and there is no need to give an example in a standard document.

---
Mats Dufberg
DNS Specialist
Internetstiftelsen (The Swedish Internet Foundation)
Mobile: +46 73 065 3899
https://internetstiftelsen.se/