[dns-operations] Reporting glue as authoritive data -- Bug!
Mark Andrews
Mark_Andrews at isc.org
Tue Jan 29 02:20:58 UTC 2008
>
> > * Matt Larson:
> >
> > > On Fri, 25 Jan 2008, Paul Vixie wrote:
> > >> BIND9 does what the RFC says,
> > >
> > > Chapter and verse, please. I believe this situation is not cut and
> > > dry according to an RFC, but I am more than willing to be enlightened.
> >
> > I've also seen the answers Lutz described from BIND 9 servers, so I'm
> > a bit puzzled, too.
>
>
> RFC 1034.
>
> 3. Start matching down, label by label, in the zone. The
> matching process can terminate several ways:
>
> You leave the zone when you hit the NS RRset at bottom of
> zone. 3b reinforces this statement. Glue is below the
> zone.
>
> b. If a match would take us out of the authoritative data,
> we have a referral. This happens when we encounter a
> node with NS RRs marking cuts along the bottom of a
> zone.
>
> RFC 2181 also has a retriction about promoting additional
> records (glue) to the answer section.
Say you have a delegation for sub.example.net like
ns.sub.example.net A 1.2.3.4
sub.example.net NS ns.sub.example.net
Match down label by label you try ".", "net.", "example.net."
"sub.example.net." at which point you process the query as
per 3b. You never see ns.sub.example.net.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the dns-operations
mailing list