nanog mailing list archives

Re: trouble with .gov dns?


From: Edward Lewis <Ed.Lewis () neustar biz>
Date: Tue, 3 May 2011 13:11:10 -0400

At 18:53 +0200 5/3/11, Florian Weimer wrote:
> * David Conrad:
>
>> On May 2, 2011, at 10:19 PM, Florian Weimer wrote:
>>> I would go even further---the DO bit is not about DNSSEC at all.
>>
>> Err, yes it is.
>
> I know you think it is, but you're wrong if you look at the overall
> protocol.

This is becoming a thread-to-the-death over a general weakness in the DNS protocol. (Realizing this mailing list is NANOG, not an IETF one.) Like it or not, "versioning" and "negotiation" are poor-to-non-existent in DNS. What's happening here is a document author (David) meant one thing and implementations (e.g., BIND) interpreted the document another way. It doesn't matter that David is right (in that he meant it another way, and the way is what the WG meant), it more matters that the ship has sailed on "fixing" this in implementations. And frankly, the fix isn't that important in retrospect because what the implementers did is actually ok, we can and we do live nicely with it.

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStar                    You can leave a voice message at +1-571-434-5468

Me to infant son: "Waah! Waah! Is that all you can say?  Waah?"
Son: "Waah!"

