[DNSOP] Re: WG Last Call: draft-ietf-dnsop-structured-dns-error-17 (Ends 2026-03-13)

Wed, 25 Mar 2026 07:49:17 -0700 

On 25. 03. 26 12:23, tirumal reddy wrote:
On Wed, 25 Mar 2026 at 16:50, Petr Špaček <[email protected] <mailto:[email protected]>> wrote: 

    On 25. 03. 26 11:55, tirumal reddy wrote:
     > On Fri, 20 Mar 2026 at 21:25, Petr Špaček <[email protected]
    <mailto:[email protected]>
     > <mailto:[email protected] <mailto:[email protected]>>> wrote:
     >
     >     On 20. 03. 26 4:03, Mukund Sivaraman wrote:
     >      > I am attempting to implement support for Structured DNS
    Error on a
     >      > branch. Some questions as it's not clear from the draft:
     >      >
     >      > (1) When a client queries with the EDNS SDE option in the
    query,
     >     what is
     >      > the server behavior when there is a non-filtered non-other EDE
     >     response?
     >      > For example, if the EDE INFO-CODE is "Unsupported NSEC3
    Iterations
     >      > Value" (27) or "Rate Limited" (28), should a plain RFC
    8914 option be
     >      > returned or a structured DNS error be returned with the
    "j" (and
     >      > optionally "c" and "o") fields populated?
     >
     >     Indeed that's a good question. I have not considered that
    possibility.
     >
     >     The question is how real it is. If the query was blocked
    (which would
     >     cause the SDE to be generated), should other EDEs even be
    sent back
     >     at all?
     >
     >     I don't know. You've opened whole new can of worms.
     >
     >
     > SDE is limited to specific EDEs; otherwise, the EXTRA-TEXT is
    discarded.

    Oh! I did not realize that while reading the draft. I suggest adding
    text about that and having explicit list of EDEs which are affected,
    plus stating any other EDE is not affected at all.



This is already specified in Step 4 of Section 5.3, including the 
applicable EDEs, please refer to that section.



Sorry, that's misunderstanding. What Mukund and me are pointing out was 
confusion about section 5.2. Server Generating Response, not how client 
is processing things.



Nevertheless I re-read section 5.2 again and now I can see it is limited 
to "an EDE indicating blocking or modification of the response", so I 
think we are good.


Apologies for the noise!

--
Petr Špaček

_______________________________________________
DNSOP mailing list -- [email protected]
To unsubscribe send an email to [email protected]























					Reply via email to