Hi Tobias,

A small reaction to one thing you said, on a tangent from Geoff's wider review:

On 9 Jan 2026, at 10:36, Tobias Fiebig <[email protected]> wrote:

>> 4. Section 4.2: "when responding to recursive queries sent by stub
>> DNS". How can a recursive resolver know that a query has been sent by
>> a stub resolver?
>
> RFC1035 defines an 'RD' bit in DNS queries. If it is present in a
> query, a recursive resolver can safely assume that the query has not
> been sent by a recursive resolver acting as a recursive resolver for
> this specific query.

This is not true ("safely assume"). There is a complex graph of actors between stub resolvers and authority servers in the real world, many of which originate queries with RD=1. For example, ISP resolvers which forward queries to public resolvers with RD=1 are commonplace. Home gateways that receive queries from devices within the home, and forward to other upstream resolvers with RD=1 following a cache miss are commonplace. These are not niche configurations.

I have not read your proposed changes to the text to address the comment from Geoff that prompted your response above, but if it is based on the "safe assumption" above you may want to revisit it.

Joe
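
Added example, not part of the message above and not code from the draft under review: a minimal RFC 1035 query encoder and a hypothetical forwarder, showing that a query relayed upstream after a cache miss carries the same RD=1 header flag as the stub's original. The function names, query IDs and the name `www.example.com` are constructed for illustration.

```python
import struct

RD = 0x0100  # RFC 1035 section 4.1.1: Recursion Desired bit in the header flags


def build_query(qid, name, qtype=1, rd=True):
    """Encode a minimal RFC 1035 query: 12-byte header plus one question."""
    header = struct.pack("!HHHHHH", qid, RD if rd else 0, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS = IN


def parse_header(msg):
    """Decode the header fields relevant to the RD discussion."""
    qid, flags, qdcount, _, _, _ = struct.unpack("!HHHHHH", msg[:12])
    return {"id": qid, "qr": flags >> 15, "rd": bool(flags & RD), "qdcount": qdcount}


def forward_on_cache_miss(client_query, upstream_id):
    """Hypothetical forwarder (home gateway or ISP resolver): relays the
    question upstream with its own query ID and RD set."""
    flags = struct.unpack("!H", client_query[2:4])[0]
    return struct.pack("!HH", upstream_id, flags | RD) + client_query[4:]


def looks_like_stub(msg):
    """The heuristic under discussion: treat RD=1 as 'sent by a stub'."""
    return parse_header(msg)["rd"]


def classify_samples():
    """Apply the heuristic to three constructed queries."""
    stub = build_query(0x1A2B, "www.example.com")          # device in the home
    forwarded = forward_on_cache_miss(stub, 0x9F00)        # gateway to upstream
    iterative = build_query(0x0042, "www.example.com", rd=False)
    return {
        "stub": looks_like_stub(stub),
        "forwarder": looks_like_stub(forwarded),
        "iterative": looks_like_stub(iterative),
    }


if __name__ == "__main__":
    print(classify_samples())
```

Apart from the query ID, the forwarded message is byte-for-byte identical to the stub's, so the receiving resolver has nothing in the header to tell the two senders apart.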
