).
So NOTAUTH is used here for "Not Authorized" (RFC3845).
Regards,
Daniel
On 06/14/2016 02:21 PM, Roger Murray wrote:
Hey Anand,
Thanks for the quick response.
On 13 Jun 2016, at 19:39, Anand Buddhdev <anandb(a)ripe.net> wrote:
On 13/06/16 19:09, Roger Murray wrote:
Hi Roger,
I am seeing a response from a knot name server that I am working on
that has me a little confused. When I do zone transfer requests from
clients that aren’t allowed to do a zone transfer I expect to receive
rcode 5 REFUSED, but I am receiving rcode 9 NOTAUTH.
The REFUSED rcode is generally used to indicate that a server isn't
carrying the zone you queried for.
However, when a server does have a zone loaded, and can answer queries
for it, but just won't allow zone transfers, then NOTAUTH is the right
response, meaning "I have the zone, but I won't XFR it to you".
I am digging through the RFCs and I interpret them as saying the exact opposite. As far as
I can tell the REFUSED rcode is a refusal based on policy (RFC1035) and then that NOTAUTH
rcode is that the nameserver isn’t authoritative for the queried zone (RFC2136). I am
finding mixed implementation in the wild and was wondering what the knot developers based
the implementation decision on.
Is this the expected behaviour? Is this configurable?
Yes it is expected behaviour, and as far as I know, it's not configurable.
Regards,
Anand
Best regards,
/rog
_______________________________________________
knot-dns-users mailing list
knot-dns-users(a)lists.nic.cz
https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users
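Because the thread reports mixed implementations, a check that AXFR is closed to unauthorized clients should accept either rcode 5 or rcode 9 as a denial and flag only a NOERROR reply that carries answer records. The following is an added example, not code from the thread or from Knot DNS; the function names are hypothetical and the sample responses are constructed.

```python
import struct

# RCODEs discussed in the thread: REFUSED (RFC 1035) and NOTAUTH (RFC 2136).
RCODES = {0: "NOERROR", 5: "REFUSED", 9: "NOTAUTH"}
DENIAL_RCODES = {"REFUSED", "NOTAUTH"}
QTYPE_AXFR, QCLASS_IN = 252, 1


def build_axfr_query(zone: str, msg_id: int) -> bytes:
    """Wire-format AXFR question (over TCP it is sent with a 2-byte length prefix)."""
    header = struct.pack("!6H", msg_id, 0, 1, 0, 0, 0)
    parts = zone.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return header + qname + struct.pack("!2H", QTYPE_AXFR, QCLASS_IN)


def classify_axfr_response(msg: bytes, expected_id: int) -> dict:
    """Decide from the DNS header whether a transfer attempt was denied."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    msg_id, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", msg[:12])
    if msg_id != expected_id or not flags & 0x8000:  # wrong ID or QR bit clear
        raise ValueError("not a response to our query")
    rcode = flags & 0x000F  # low 4 bits of the flags word
    name = RCODES.get(rcode, f"RCODE{rcode}")
    # Either denial code is acceptable; only answer records mean zone data leaked.
    return {"rcode": name, "denied": name in DENIAL_RCODES and ancount == 0,
            "leaked": rcode == 0 and ancount > 0}


def constructed_response(query: bytes, rcode: int, ancount: int = 0) -> bytes:
    """Constructed sample: echo the question with QR set and the given RCODE."""
    return (query[:2] + struct.pack("!H", 0x8000 | rcode) + query[4:6]
            + struct.pack("!H", ancount) + query[8:])


if __name__ == "__main__":
    q = build_axfr_query("example.com", 0x1234)
    for rc in (5, 9):
        print(classify_axfr_response(constructed_response(q, rc), 0x1234))
```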