[dns-operations] Reporting glue as authoritive data -- Bug!
Peter Koch
pk at DENIC.DE
Tue Jan 29 16:59:45 UTC 2008
On Tue, Jan 29, 2008 at 11:18:28AM -0500, Edward Lewis wrote:
> # 4. Start matching down in the cache. If QNAME is found in the
> # cache, copy all RRs attached to it that match QTYPE into the
> # answer section. If there was no delegation from
> # authoritative data, look for the best one from the cache, and
> # put it in the authority section. Go to step 6.
>
> If you want to believe that other parts of 1034 disallow putting the
> glue into the answer section, I will argue that step 4 permits the
> action. There is no restriction on the consideration of the
> provisioned glue as the seed of the server's cache.
<protocol-lawyer venue="probably wrong">
4.3.2 step 3b says:
Put whatever addresses are available into the additional section,
using glue RRs if the addresses are not available from authoritative
data or the cache.
This makes me believe that there are other options than considering the glue
pot part of the cache.
</protocol-lawyer>
> I wholeheartedly agree with Matt, I too believe this situation is not
> cut and dry.
Right. I guess the last time this discussion arose the conclusion was that
DNSSEC would strongly suggest to prefer referrals over answer-section-from-glue,
while at the same time we'd all hope said greedy resolver would have gone
sooner than later.
-Peter
More information about the dns-operations
mailing list