nanog mailing list archives
Re: trouble with .gov dns?
From: Florian Weimer <fw () deneb enyo de>
Date: Tue, 03 May 2011 18:53:21 +0200
* David Conrad:

> On May 2, 2011, at 10:19 PM, Florian Weimer wrote:
>> I would go even further---the DO bit is not about DNSSEC at all.
>
> Err, yes it is.

I know you think it is, but you're wrong if you look at the overall protocol.

>> If DO were about DNSSEC, a new flag would have been introduced along with DNSSECbis, where the record types changed so that for resolvers implementing the older protocol, the DNSSECbis records just looked like garbage.
>
> You're suggesting RFC 3225 should have predicted DNSSECbis?

Not quite. If DO was about DNSSEC in the strictest possible sense, then it would not have been possible to reuse the flag for DNSSECbis, which hasn't got anything in common with DNSSEC as far as the wire types are concerned. For an original-DNSSEC-supporting resolver, they look like garbage, just as the original DNSSEC records for some of the resolvers back then. So if DO referred to a specific set of record types (the original DNSSEC ones), you'd need a new flag for DNSSECbis. But this wasn't done, so DO does not cover a specific set of record types, and it is therefore not tied to a particular DNS protocol extension, including DNSSEC.