George Michaelson wrote on 2022-01-06 16:50:
for a 200 in 200,000,000 problem? Ban it.
i agree that we should ban it, but not on the basis of its infrequency of use. rather, on the basis of data provenance. let me explain.
an iterator has no reason to believe adobe.net's servers as to addresses under omtrdc.net, or vice versa. it can be used only for the current iteration and never as answer or additional data, and never put into a shared cache or used by other iterations even concurrently. chicken-or-egg problems mean that no iteration will ever have all of the data it needs to complete. when this loop is detected, the result should be servfail.
what's important in the context of this draft is to require this servfail, rather than letting it be implementation dependent. it ought to be possible for implementors to create regression tests around this, and for customers to create acceptance tests around this. servers which somehow work around chicken-or-egg glue paths must be declared "wrong". for something this critical to dns coherency, we must be conservative in what we accept.
-- P Vixie _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
