Re: [DNSOP] About draft-ietf-dnsop-extended-error

Paul Vixie <> Tue, 14 November 2017 09:06 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 188EF124205 for <>; Tue, 14 Nov 2017 01:06:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id EJIhnyD2sIag for <>; Tue, 14 Nov 2017 01:06:47 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 1E72612008A for <>; Tue, 14 Nov 2017 01:06:47 -0800 (PST)
Received: from [IPv6:2001:559:8000:c9:2c81:6cd7:5872:4e2f] (unknown [IPv6:2001:559:8000:c9:2c81:6cd7:5872:4e2f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) by (Postfix) with ESMTPSA id 00ECA61FA2; Tue, 14 Nov 2017 09:06:46 +0000 (UTC)
Message-ID: <>
Date: Tue, 14 Nov 2017 01:06:46 -0800
From: Paul Vixie <>
User-Agent: Postbox 5.0.20 (Windows/20171012)
MIME-Version: 1.0
To: Joe Abley <>
References: <> <> <> <> <> <> <7043569809190448225@unknownmsgid>
In-Reply-To: <7043569809190448225@unknownmsgid>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <>
Subject: Re: [DNSOP] About draft-ietf-dnsop-extended-error
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 14 Nov 2017 09:06:48 -0000

Joe Abley wrote:
> ...
> I don't think it's sensible to say absolutely that there will never be a
> need to disambiguate NXDOMAIN or NOERROR since never is an awfully long
> time, and who knows or dares to dream?

that outcome depends on scope. if you imagine a protocol speaker 
behaving differently based on fine-grained differences in cause that 
relate in small ways to the larger NXDOMAIN/NOERROR status code, then i 
think we should not allow for that -- it would be madness, even compared 
to the present day.

if you believe that it will appear in "dig" output and syslogs and 
dnstap traces, so as to help diagnosticians and academicians decide the 
whichness of what, after the fact, then i agree, we should not prohibit 
the fine detail just because we think the gross details are obvious.

P Vixie