On Mar 2, 2021, at 5:23 AM, Peter van Dijk <[email protected]> wrote: > My suggestion (seriously): prohibit NSEC and RRSIG queries.
Prohibiting queries is pointless. Systems query freely, even if stupidly. ( Have you ever see the query traffic at the root servers? :-) ) A possibly-better option would be to define what the responses to pointless queries could be. Given that we know that different authoritative server software already offer different answers for this particular query, there is no need to define just one answer, but maybe list a set of answers (with logic for each). Or, we can just ignore it again until it comes up again fiveish years from now. Any attempted update to RFC 4035 will cause some people to squawk even if it makes the intent clearer. --Paul Hoffman
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
