25 Kvě
2016
25 Kvě
'16
15:11
Johan,
basically it's possible to construct such zone (and/or tune the edns0 bufsize) to the
point that no GLUE is ever returned. We have decided that in this specific case (we are
just speaking about GLUE) it's much better to signal the information is incomplete.
I don't think this will cause any operational problems because it only covers a corner
case and any compliant resolver will just re-ask via TCP and be done with it.
We have been doing all kind of fancy stuff with +TC anyway in the last years (like RRL or
no-ANY) and this is not different in my eyes.
Cheers,
Ondrej
--
Ondřej Surý -- Technical Fellow
--------------------------------------------
CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC
Milesovska 5, 130 00 Praha 3, Czech Republic
mailto:ondrej.sury@nic.cz https://nic.cz/
--------------------------------------------
----- Original Message -----
From: "Johan Ihrén"
<johani(a)netnod.se>
To: "Jan Včelák" <jan.vcelak(a)nic.cz>
Cc: "Johan Ihren" <johani(a)netnod.se>se>, knot-dns-users(a)lists.nic.cz
Sent: Wednesday, May 25, 2016 3:06:38 PM
Subject: Re: [knot-dns-users] Knot DNS 2.2.1 patch release
Hi Jan,
On 24 May 2016, at 15:10 , Jan Včelak <jan.vcelak(a)nic.cz> wrote:
Let's jump directly into it:
- The previous version was inconsistent in setting the TC flag for
delegations with a glue. We have decided to modify the behavior
slightly and the TC flag is now set always if a complete glue doesn't
fit the response.
Umm. I think that's in violation of the protocol, or at least a
misinterpretation of the protocol.
The coherency requirement for DNS is that the contents of the Answer and
Authority sections should be complete, otherwise set TC=1 to signal that they
are not.
The Additional section is explicitly not part of the requirement, regardless of
whether it contains glue, DNSKEYs or something else. The reason is that
different servers may have different amounts of Additional data available,
hence it is not possible to put the Additional section under the coherency
requirement.
What was the previous inconsistency that you needed to resolve?
Regards,
Johan
_______________________________________________
knot-dns-users mailing list
knot-dns-users(a)lists.nic.cz
https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users