Re: [DNSOP] Clarifying referrals (#35)

Dave Lawrence <tale@dd.org> Wed, 15 November 2017 02:04 UTC

Return-Path: <tale@dd.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1ADE6129418 for <dnsop@ietfa.amsl.com>; Tue, 14 Nov 2017 18:04:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OL0K9Sq_nYqv for <dnsop@ietfa.amsl.com>; Tue, 14 Nov 2017 18:04:37 -0800 (PST)
Received: from gro.dd.org (gro.dd.org [207.136.192.136]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4C8261200CF for <dnsop@ietf.org>; Tue, 14 Nov 2017 18:04:37 -0800 (PST)
Received: by gro.dd.org (Postfix, from userid 102) id 398663F432; Tue, 14 Nov 2017 21:04:36 -0500 (EST)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-ID: <23051.41140.187552.962508@gro.dd.org>
Date: Tue, 14 Nov 2017 21:04:36 -0500
From: Dave Lawrence <tale@dd.org>
To: dnsop@ietf.org
In-Reply-To: <20171114175300.GA45323@isc.org>
References: <20171113014445.ncldrwnuuvluecx7@mx4.yitter.info> <5A08FD96.8030907@redbarn.org> <20171113020736.ga7rzgst2hurb56h@mx4.yitter.info> <5A09068A.3030206@redbarn.org> <20171113032640.tbn7icsllm6jeeny@mx4.yitter.info> <5A09C4D6.6080202@redbarn.org> <20171114063209.gjubqyovnwcrl33a@mx4.yitter.info> <5A0A952F.1060001@redbarn.org> <20171114080638.GA41253@isc.org> <5A0AA777.9010908@redbarn.org> <20171114175300.GA45323@isc.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/TkAi-zSVpCvkuQN1kp4yoZ7wN4U>
Subject: Re: [DNSOP] Clarifying referrals (#35)
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Nov 2017 02:04:38 -0000

Evan Hunt writes:
> Okay. I haven't encountered a resolver that propgates REFUSED from the
> authority to the stub.  If there is such a beast, then IMHO that, not the
> authority, is the one that's mis-using REFUSED; REFUSED only makes sense on
> a hop-by-hop basis.

Very much agree.  I'd be surprised to see REFUSED from a resolver.

Now on the other hand, using extended-error for signalling from a
resolver that the known authorities all returned REFUSED, that's
interesting and can be made unambiguous as a code apart from the
currently proposed extended-error 4, "Prohibited".