Re: axfr-clarify supporting unauthorized users

[Kevin Darcy <kcd@daimlerchrysler.com>]

"D. J. Bernstein" wrote:

> [ post by non-subscriber.  with the massive amount of spam, it is easy to miss
>   and therefore delete posts by non-subscribers.  your subscription address is
>   54830374684695-namedroppers@sublist.cr.yp.to, please post from it or, if you
>   wish to regularly post from an address that is not subscribed to this
>   mailing list, send a message to namedroppers-owner@ops.ietf.org and ask to
>   have the alternate address added to the list of addresses from which
>   submissions are automatically accepted. ]
>
> Kevin Darcy writes:
> > Something could be put in an OPT record, for instance, detailing the
> > error condition further, extended flags could be used, or a whole new
> > RR type could be created dedicated to error reporting.
>
> And, once these error-message extensions were added to the protocol,
> would we then have nitwits claiming that all the servers saying REFUSED
> were suddenly non-compliant because ``making it easier to detect common
> misconfigurations is an important aspect of interoperability''?

No, RCODE=REFUSED would still be a valid response for the foreseeable future, but
these other, richer error-reporting mechanisms would be preferred. RCODE=REFUSED
is *already* documented in the relevant DNS specifications; TCP FIN in response
to an AXFR request is *not* and does not need to be grandfathered.


- Kevin




--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>