To give an example of a user, Let's Encrypt are currently the unbound
option of harden-below-nxdomain
(https://community.letsencrypt.org/t/minor-dnssec-validation-change/246329)
which implements RFC 8020 for DNSSEC signed domains.
On 18/06/2026 22:59, John R Levine wrote:
On Thu, 18 Jun 2026, Olafur Gudmundsson wrote:
In the 10 years that “X lies” have been in use there has only been
minimal set of complaints all all of them from
end-user tools, no complaints about behavior of resolvers or
forwarders, as they only care about one thing:
“Does the record being asked about exist?” full stop.
The existence of the name is a wider scope that only end-user-tools
may care about.
You don't know anyone who's using RFC 8020? I'm not snarking, it's a
real question.
R's,
John
PS: THe urge is great to subit an erratum for 8020 which replaces the
entire text sith "just kidding."
PS: There was another copy of this email sent from an address that can't
send mail to the IETF, please disregard it.
_______________________________________________
DNSOP mailing list -- [email protected]
To unsubscribe send an email to [email protected]