On 21:24 07/04, Dick Franks wrote:
> On Thu, 7 Apr 2022 at 19:44, Joe Abley <[email protected]> wrote:
> >
> > On Apr 7, 2022, at 21:10, Paul Vixie <[email protected]> wrote:
> >
> > > but it seems to me you'd be better off with a zero-length option called 
> > > SERIAL which if set in the query causes the SOA of the answer's zone to 
> > > be added to the authority section (similar to an RFC 2308 negative proof) 
> > > and which option would only be echoed in the answer's OPT if the option 
> > > was supported. you'd want to specify that the SOA in this case is not 
> > > optional and that its truncation would cause the TC bit to be set.
> >
> > That sounds like a lovely and clean way to do this. I like it.
> >
> 
> This is an excellent idea, requiring trivial client-side support.
> 
> PV did not say so, but I would expect the SOA's RRSIG to be included
> in the response.
> 

The idea of having the complete SOA + RRSIG was proposed before[1],
and its disadvantages were discussed regarding size increase[2], query
amplification[3], authority/additional epistemological grief[4][5]
with changes in processing[6].

I personally believe that the path of including the full SOA is
dangerously close to multi-qtype[7][8], which has historically failed
for various reasons.

Finally, the full SOA prevents us from going down the path of using a
zone versioning other than SOA serial, which allows other
implementations to indicate useful data, as we discussed last week[9].

It is our understanding that the complete SOA path was rejected by the
group, and that the path through the EDNS extension that also allows
other types of versioning data would have greater consensus.

Thanks,

Hugo

[1]: https://mailarchive.ietf.org/arch/msg/dnsop/JMMKO7Q6WfFq25pqMQ5Yjsklywc
[2]: https://mailarchive.ietf.org/arch/msg/dnsop/Oy6DeGp9xiGenV8IsYy3faQbn1A
[3]: https://mailarchive.ietf.org/arch/msg/dnsop/kGTyENBGDnNwR1YOALurQFMNB8g
[4]: https://mailarchive.ietf.org/arch/msg/dnsop/D5ZYnZf-E_TOhZmTLjkaFWxO_P0
[5]: https://mailarchive.ietf.org/arch/msg/dnsop/1F24G6vtreg3q5c5PxEOndXCI68
[6]: https://mailarchive.ietf.org/arch/msg/dnsop/0kynqLc8Ksicv4JDX3opB3nYyfI
[7]: https://mailarchive.ietf.org/arch/msg/dnsop/07ISssrct9IXXyMpOgwGBXUczlw
[8]: https://mailarchive.ietf.org/arch/msg/dnsop/0kynqLc8Ksicv4JDX3opB3nYyfI
[9]: https://mailarchive.ietf.org/arch/msg/dnsop/VGTgsYAPXF_KsHCi2ruNa57QWYU
