To:
dnssec@cafax.se
From:
ted@tednet.nl (Ted Lindgreen)
Date:
Thu, 13 May 2004 17:02:25 +0200
In-Reply-To:
"Peter Koch's message as of May 13, 15:36"
Reply-To:
Ted.Lindgreen@tednet.nl
Sender:
owner-dnssec@cafax.se
Subject:
Re: dnssec: resolver - application communication
[Quoting Peter Koch, on May 13, 15:36, in "Re: dnssec: resolver ..."] > in practice (i.e. without DNSSEC) there are corner cases where subsequent > queries result in exactly that: first earns SERVFAIL, second gets the answer. > So, if the difference between SERVFAIL and "NOTVAL" really matters, a third > query may be necessary. Hmm, adapting the protocol to help stubresolvers to distinguish between errortypes in corner cases (that IS what is going on here: you are assuming a corner case AND some other error simultaneously) does not seem the right way to me. Using a debugging tool, which is most likely needed anyway when we want to analyse either lame or dead nameservers or bad signatures seems the better approach. As for the (stubresolving-)application: just NOT using information which is both intermittant and proven to be bad or bogus seems wise to me (in contrast to keeping on hammering the caching forwarded and hoping for whatever of a result). So, I do not think that even in this particular corner case the introduction of a new "NOTVAL" error code helps very much. -- ted