[140141] in North American Network Operators' Group
Re: trouble with .gov dns?
daemon@ATHENA.MIT.EDU (David Conrad)
Tue May  3 10:24:57 2011
From: David Conrad <drc@virtualized.org>
In-Reply-To: <874o5c1huu.fsf@mid.deneb.enyo.de>
Date: Tue, 3 May 2011 07:23:56 -0700
To: Florian Weimer <fw@deneb.enyo.de>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On May 2, 2011, at 10:19 PM, Florian Weimer wrote:
> I would go even further---the DO bit is not about DNSSEC at all.
Err, yes it is.
> The
> resolver just promises to ignore any ancillary record sets it does not
> understand.
How people implement RFC 3225 does differ from the intent of the author,
however I would be surprised if this is what DO is taken to mean in any
resolver.
> If DO were about DNSSEC, a new flag would have been
> introduced along with DNSSECbis, where the record types changed so
> that for resolvers implementing the older protocol, the DNSSECbis
> records just looked like garbage.
You're suggesting RFC 3225 should have predicted DNSSECbis?  Would it
help if the interpretation of DO is that it indicates the resolver supports
"DNSSEC as defined at the time"?
This probably isn't the right venue for this discussion.
Regards,
-drc