nanog mailing list archives
Re: trouble with .gov dns?
From: David Conrad <drc () virtualized org>
Date: Tue, 3 May 2011 07:23:56 -0700
On May 2, 2011, at 10:19 PM, Florian Weimer wrote:
> I would go even further---the DO bit is not about DNSSEC at all.
Err, yes it is.
> The resolver just promises to ignore any ancillary record sets it does not understand.
How people implement RFC 3225 does differ from the intent of the author, however I would be surprised if this is what DO is taken to mean in any resolver.
> If DO were about DNSSEC, a new flag would have been introduced along with DNSSECbis, where the record types changed so that for resolvers implementing the older protocol, the DNSSECbis records just looked like garbage.
You're suggesting RFC 3225 should have predicted DNSSECbis? Would it help if the interpretation of DO is that it indicates the resolver supports "DNSSEC as defined at the time"?
This probably isn't the right venue for this discussion.
Regards,
-drc