bmanning@xxxxxxx: >> EDNS is essential for the implementation of DNS Security Extensions. >> All roots support DNSSEC. >> Calling out EDNS0 at this time is moot. marka@xxxxxxx: > Actually there are implementations that do DNSSEC fine but botch > EDNS. We have drafts coming through the IETF that expect full EDNS > version 0 compliance to work without having to do gross hacks like > dealing with incorrectly returned FORMERR, BADVERS and queries being > dropped because they happen to try to use a extension. Man, you must see a lot of bad sh*t in your professional life. :-) I cannot even wrap my head around the concept of doing DNSSEC fine while botching EDNS, but I know you well enough to take your word for it. :-) > The current root servers get this right. This is about preventing > things going wrong in the future. It is also about TLDs and others > that use the root server requirements as a basis for their > requirements. I do note that the current draft specifies "MUST do DNSSEC", which to me sounds like "and therefore needs to do EDNS". I wouldn't really mind adding EDNS to the draft, except, as noted earlier, it's just a framework, and specifying which parts of it must be implemented isn't a friendly slope to slide along. It also begs for other stuff to be listed, and we (again) risk ending up with legalese like "... including, but not limited to ..." - which I don't favour. And there's the text in RSSAC-001. I think I agree with Jari (if this is what you meant, Jari? ;-), that the current wording in _these_ documents (draft + RSSAC-001) is sufficient, and that work should be put into firming up the DNS specs in general, so that the "rubber wheel" clauses in RSSAC-001 get some "real tarmac" to work with and get good traction. So my current inclination wrt. this, is to leave the relevant text parts unchanged for -03 (which we seem to have to produce ...). Cheers, /Liman #---------------------------------------------------------------------- # Lars-Johan Liman, M.Sc. ! E-mail: liman@xxxxxxxxx # Senior Systems Specialist ! Tel: +46 8 - 562 860 12 # Netnod Internet Exchange, Stockholm ! http://www.netnod.se/ #----------------------------------------------------------------------