Re: [dns-privacy] [dnsdir] [Ext] WGLC : draft-ietf-dprive-unilateral-probing
On 2023-07-03 11:02 UTC, Paul Hoffman wrote:
> On Jul 3, 2023, at 11:19 AM, Peter van Dijk wrote:
>>
>> On Mon, 2023-07-03 at 10:50 +0200, Peter van Dijk wrote:
>>> On Fri, 2023-06-30 at 16:32 +, Paul Hoffman via dnsdir wrote:
>>>> The current wording at the end of 4.6.9 is:
>>>>    But if `R` is unsuccessful (e.g. timeout or connection closed):
>>>>
>>>> I believe that changing that to the following would fix the problem you
>>>> describe:
>>>>    But if `R` is unsuccessful (RCODE other than 0, timeout, connection
>>>> closed):
>>>>
>>>> Does that fix your case and not break other cases?
>>>
>>> You need to allow, at a minimum, RCODE 3 (NXDomain) too.
>>
>> After a poke from Paul, a clearer version: both RCODE 0 and RCODE 3 can
>> be good responses from an auth.
>
> That's a good point. So, my suggested change becomes:
>
>> The current wording at the end of 4.6.9 is:
>>    But if `R` is unsuccessful (e.g. timeout or connection closed):
>>
>> I believe that changing that to the following would fix the problem you
>> describe:
>>    But if `R` is unsuccessful (RCODE other than 0 or 3, timeout, connection
>> closed):
>>

yes, that will probably work.

> I'll make that change soon unless someone points out other problems with it.
>
> --Paul Hoffman
>
> ___
> dns-privacy mailing list
> dns-privacy@ietf.org
> https://www.ietf.org/mailman/listinfo/dns-privacy

--
In my defence, I have been left unsupervised.

Re: [dns-privacy] [dnsdir] [Ext] WGLC : draft-ietf-dprive-unilateral-probing
On Jul 3, 2023, at 11:19 AM, Peter van Dijk wrote:
>
> On Mon, 2023-07-03 at 10:50 +0200, Peter van Dijk wrote:
>> On Fri, 2023-06-30 at 16:32 +, Paul Hoffman via dnsdir wrote:
>>> The current wording at the end of 4.6.9 is:
>>>    But if `R` is unsuccessful (e.g. timeout or connection closed):
>>>
>>> I believe that changing that to the following would fix the problem you
>>> describe:
>>>    But if `R` is unsuccessful (RCODE other than 0, timeout, connection
>>> closed):
>>>
>>> Does that fix your case and not break other cases?
>>
>> You need to allow, at a minimum, RCODE 3 (NXDomain) too.
>
> After a poke from Paul, a clearer version: both RCODE 0 and RCODE 3 can
> be good responses from an auth.

That's a good point. So, my suggested change becomes:

> The current wording at the end of 4.6.9 is:
>    But if `R` is unsuccessful (e.g. timeout or connection closed):
>
> I believe that changing that to the following would fix the problem you
> describe:
>    But if `R` is unsuccessful (RCODE other than 0 or 3, timeout, connection
> closed):
>

I'll make that change soon unless someone points out other problems with it.

--Paul Hoffman

Re: [dns-privacy] [dnsdir] [Ext] WGLC : draft-ietf-dprive-unilateral-probing
On Mon, 2023-07-03 at 10:50 +0200, Peter van Dijk wrote:
> On Fri, 2023-06-30 at 16:32 +, Paul Hoffman via dnsdir wrote:
> > The current wording at the end of 4.6.9 is:
> >    But if `R` is unsuccessful (e.g. timeout or connection closed):
> >
> > I believe that changing that to the following would fix the problem you
> > describe:
> >    But if `R` is unsuccessful (RCODE other than 0, timeout, connection
> > closed):
> >
> > Does that fix your case and not break other cases?
>
> You need to allow, at a minimum, RCODE 3 (NXDomain) too.

After a poke from Paul, a clearer version: both RCODE 0 and RCODE 3 can
be good responses from an auth.

(In hindsight, it's a terrible mistake that 1035 calls RCODE 3 "Name
Error" - it's not an error.)

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/

Re: [dns-privacy] [dnsdir] [Ext] WGLC : draft-ietf-dprive-unilateral-probing
On Fri, 2023-06-30 at 16:32 +, Paul Hoffman via dnsdir wrote:
> The current wording at the end of 4.6.9 is:
>    But if `R` is unsuccessful (e.g. timeout or connection closed):
>
> I believe that changing that to the following would fix the problem you
> describe:
>    But if `R` is unsuccessful (RCODE other than 0, timeout, connection
> closed):
>
> Does that fix your case and not break other cases?

You need to allow, at a minimum, RCODE 3 (NXDomain) too.

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
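
The following is an added example, not part of the thread or of the draft: a sketch of the "is `R` unsuccessful" test with the wording the thread settles on (RCODE other than 0 or 3, timeout, connection closed). The event labels, function names and the handling of malformed or mismatched messages are assumptions made for illustration.

```python
import struct
from enum import Enum

class Outcome(Enum):
    SUCCESSFUL = "successful"
    UNSUCCESSFUL = "unsuccessful"

# RCODE 0 (NoError) and RCODE 3 (NXDomain) are the two values the thread
# accepts as good answers from an authoritative server.
GOOD_RCODES = frozenset({0, 3})

def build_response(msg_id: int, rcode: int) -> bytes:
    """Constructed sample input: a bare 12-byte DNS header with QR=1 and AA=1."""
    flags = 0x8000 | 0x0400 | (rcode & 0x000F)
    return struct.pack("!HHHHHH", msg_id, flags, 0, 0, 0, 0)

def classify(event: str, payload: bytes = b"", expected_id: int = 0) -> Outcome:
    """Classify one probe result.

    event is a hypothetical transport-level label: "response", "timeout"
    or "closed". Only "response" carries a payload to inspect.
    """
    if event in ("timeout", "closed"):
        return Outcome.UNSUCCESSFUL
    if event != "response":
        raise ValueError(f"unknown event: {event!r}")
    # Assumption (not from the thread): a message too short to hold a DNS
    # header, a query instead of a response, or a mismatched ID is treated
    # as unsuccessful, since no usable RCODE was received.
    if len(payload) < 12:
        return Outcome.UNSUCCESSFUL
    msg_id, flags = struct.unpack("!HH", payload[:4])
    if not flags & 0x8000 or msg_id != expected_id:
        return Outcome.UNSUCCESSFUL
    rcode = flags & 0x000F  # low four bits of the header flags word
    return Outcome.SUCCESSFUL if rcode in GOOD_RCODES else Outcome.UNSUCCESSFUL

if __name__ == "__main__":
    for rc in (0, 2, 3, 5):
        print(rc, classify("response", build_response(0x1A2B, rc), 0x1A2B).value)
    print("timeout", classify("timeout").value)
```

Only the four-bit RCODE in the DNS header is examined; extended RCODEs carried in an EDNS OPT record are outside this sketch.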