In message <D1E3F194-34AD-4968-8ACE-7E8D7990413B(_at_)isi(_dot_)edu>, manning
bill writes:
EDNS is essential for the implementation of DNS Security Extensions.
All roots support DNSSEC.
Calling out EDNS0 at this time is moot.
Actually there are implementations that do DNSSEC fine but botch
EDNS. We have drafts coming through the IETF that expect full EDNS
version 0 compliance to work without having to do gross hacks like
dealing with incorrectly returned FORMERR, BADVERS and queries being
dropped because they happen to try to use a extension.
The current root servers get this right. This is about preventing
things going wrong in the future. It is also about TLDs and others
that use the root server requirements as a basis for their requirements.
Mark
(I'll say that 2870bis is on thin ice, since the IETF/IAB have no
leverage on root server operators. This community can pontificate at
length, but the actual operations will
dictate, not some wish list from an "arms-length" standards body...
Just sayin')
/bill
PO Box 12317
Marina del Rey, CA 90295
310.322.8102
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka(_at_)isc(_dot_)org