On 13. 07. 26 16:38, Joe Abley wrote:
On 13 Jul 2026, at 16:21, Petr Špaček <[email protected]> wrote:

For example, a DNS response sent by an authoritative-only DNS server, which 
does not perform validation and hence has no obvious use for an NTA, SHOULD NOT 
include this EDE.

Why not MUST NOT?

I think MUST NOT is fine. And I agree with you that a SHOULD should ideally be 
accompanied with some discussion that helps an implementer make decisions.

I would normally couple a MUST NOT send with advice about what to do if you 
receive on anyway, but so long as these are human-targeted, informational 
debugging messages perhaps that doesn't matter much. But see below.

Personally I think machine parseable EXTRA-TEXT would be a good idea. Something 
like
{"d": "example.com", "e": "2026-07-30T00:00:00Z"}
or so.

RFC 8914 says that EXTRA-TEXT "is intended for human consumption (not automated 
parsing)" so I am not sure personally what I think about structuring the field to 
deliberately make it easier to parse. We put something in there about structured dns 
errors but I had some mild remorse about that after we published.

The way I interpret it is that it must be legible for humans. I.e. no binary blobs in EXTRA-TEXT. That does not preclude making the human readable text machine parseable at the same time. IMHO doing so costs nothing and opens possibilities.

Right now I know of DNS research surveys which parse EDE EXTRA-TEXT with vendor-specific rules because there's no other way.


If there was a really good use case for machine-parsing the information in the 
EXTRA-TEXT perhaps that would be convincing, but I can't really think of one.

For this specific case, say a diagnostic tool tools might provide detail than 'AD=0, some NTA somewhere in effect'.

Instead if might say something like ... Answer
wwww.example.com CNAME 1234.cdn.example
1234.cdn.example HTTPS ...
has AD=0 because NTA is activa at cdn.example.com.

And this can be in French because the tool could ingest the EDE + domain name in structured form and provide localized output.

Or the research stats could actually be made more reliable than hand-written regexes.


> The idea of communicating an end date seems superficially attractive, but NTAs are usually a reaction to an unplanned event, and the thing about unplanned events is that their timing is difficult to know ahead of time (end times as well as start times).

Agreed. Let's remove the expiry timestamp and keep structured DNS name in, then?

--
Petr Špaček

_______________________________________________
DNSOP mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to