[dns-operations] question regarding rcodes REFUSED vs NOTAUTH
roger.murray at iis.se
Tue Jun 14 12:36:59 UTC 2016
I have some questions regarding expected rcodes and what can be found in the wild.
We are currently trying out Knot and noticed that it “broke” our monitoring. A perl script that checks the rcode of a request for a zone transfer and we expect it to return REFUSED (rcode 5), but Knot returns NOTAUTH (rcode 9). It is easy to fix the monitoring, but I got curious as to what the rcode should be. As far as I can tell by reading rfc’s (1035 and 2136) REFUSED (rcode 5) is a refusal for policy reasons while NOTAUTH (rcode 9) is that the nameserver is not authoritative for the zone.
Is there more/another rfc that can shed more light on this difference?
What should the rcode be?
Anyone know why different nameservers are implementing the response codes differently?
Systemspecialist DNS, IIS
Mobil: +46 709 48 5242
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
More information about the dns-operations