To: dnssec@cafax.se
From: David Blacka <davidb@verisignlabs.com>
Date: Thu, 13 May 2004 10:17:25 -0400
Content-Disposition: inline
In-Reply-To: <Pine.LNX.4.44.0405131520530.30796-100000@expansionpack.xtdnet.nl>
Sender: owner-dnssec@cafax.se
User-Agent: KMail/1.6.2
Subject: Re: dnssec: resolver - application communication

On Thursday 13 May 2004 9:21 am, Paul Wouters wrote:
> On Thu, 13 May 2004, Ted Lindgreen wrote:
> > contra:
> > protocol change.
> > implementation change of current recursive nameservers.
> >
> > Question:
> > Is the optimalisation worth the extra delay, that this protocol
> > change will cause in finalising RFC2535bis?
>
> No.

How many times have we as a community said this, and then got the delay anyway?

I have a hard time believing that adding an additional extended RCODE would cause any noticeable delay in the process, since the process isn't exactly zipping along at a breakneck speed now.

DNSSEC workshop experience has shown (to me, at least) that using SERVFAIL for validation errors is sub-optimal. It may be that better debugging tools may make the use of SERVFAIL less bad, but I think that a NOTVAL rcode would nip a lot of operator confusion in the bud.

--
David Blacka <davidb@verisignlabs.com>
Sr. Engineer VeriSign Applied Research