On Thu, 2021-03-11 at 19:11 -0800, Brian Dickson wrote: > From the status updates today, I see this draft has expired. I really like it > (and it is quite simple), and would like to see it picked up and completed > (adopted, rough consensus reached, published). > > Having reread it and the discussion, I am wondering if useful guidance can be > provided regarding the TC=1 and records added. > > If as much glue as will fit is included, but not all glue fits, add all the > glue that fits, and set TC=1. > The resolver SHOULD attempt to use the available glue, but retry over TCP if > none of the servers found via the available glue respond.
This sounds like something that might be very hard to fit into the flow of at least some code bases out there. > I.e. How is TC=1 interpreted currently by different implementations, and is > THAT an issue that could/should be clarified, either in this document, or in > a separate document? Answered below for us. > Is it necessary (at all) to mention keeping the glue that fits before setting > TC=1? > I don't think so, but maybe some commentary to that effect would be helpful? When we (PowerDNS auth) set TC=1, we empty the packet, based on the (somewhat under-argued) belief that different resolvers may draw different conclusions from what is there and what is not, and emptyingthe packet avoids ambiguity. Mirroring that, if the PowerDNS Recursor receives a TC=1 response (with rcode NOERROR or NXDOMAIN), no records are harvested and the whole query is retried over TCP. Based on only our choices, it is pointless to have any content in a TC=1 response. Others may feel somewhat differently, of course! Kind regards, -- Peter van Dijk PowerDNS.COM BV - https://www.powerdns.com/ _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
