[dns-operations] question regarding rcodes REFUSED vs NOTAUTH
Paul Vixie
paul at redbarn.org
Sat Jun 18 20:46:29 UTC 2016
Mark Andrews wrote:
> In message <0FE2F15C-E1C0-47CC-8605-FE8464DF77A7 at iis.se>, Roger Murray writes:
>> Hey everybody,
>>
>> I have some questions regarding expected rcodes and what can be found in
>> the wild. ...
>> Questions:
>> Is there more/another rfc that can shed more light on this difference?
>
> REFUSED is or should be a policy based result.
>
> NOTAUTH is a data driven result where data includes the list of
> configured zones.

while that sounds reasonable to me, i don't think there's an RFC that
describes the use of NOTAUTH or the other recent RCODEs for use in
QUERY. they are defined in RFC 2136 and an UPDATE initiator should
expect to hear them.

>> Anyone know why different nameservers are implementing the response codes
>> differently?
>
> Different authors. NOTAUTH is more precise than REFUSED and that
> is why I switched named to using it if the QNAME is wrong.

given that there's a recent AXFR clarification RFC, it's odd that no one
proposed expanding the RCODE values available to a responder.

i do not think it's wise to answer QUERY with any opcode that did not
exist when QUERY was defined, unless it's first proposed and accepted as
a protocol change to QUERY. RFC 2136 does not do this.

--
P Vixie
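
Added example, not part of the original message: a small Python check for the behaviour discussed in this thread, which parses a DNS response header and flags replies to QUERY that carry one of the RCODEs introduced by RFC 2136 (such as NOTAUTH). The function names and the sample messages are constructed for illustration.

```python
import struct

# RCODEs defined alongside QUERY in RFC 1035 (0-5) and those added for UPDATE in RFC 2136 (6-10).
RFC1035_RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}
RFC2136_RCODES = {6: "YXDOMAIN", 7: "YXRRSET", 8: "NXRRSET", 9: "NOTAUTH", 10: "NOTZONE"}
OPCODES = {0: "QUERY", 1: "IQUERY", 2: "STATUS", 4: "NOTIFY", 5: "UPDATE"}


def build_response(opcode, rcode, qname="example.com.", msg_id=0x1234):
    """Construct a minimal DNS response (header plus one question) as sample input."""
    flags = (1 << 15) | ((opcode & 0xF) << 11) | (rcode & 0xF)  # QR=1 marks a response
    header = struct.pack("!HHHHHH", msg_id, flags, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.rstrip(".").split("."))
    question = labels + b"\x00" + struct.pack("!HH", 6, 1)  # QTYPE=SOA, QCLASS=IN
    return header + question


def classify_response(msg):
    """Return (opcode_name, rcode_name, update_rcode_on_query) for a DNS response.

    Only the 4-bit header RCODE is read; EDNS extended RCODE bits are not parsed.
    """
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    _msg_id, flags = struct.unpack("!HH", msg[:4])
    if not flags >> 15:
        raise ValueError("QR bit clear: this is a query, not a response")
    opcode = (flags >> 11) & 0xF
    rcode = flags & 0xF
    opcode_name = OPCODES.get(opcode, f"OPCODE{opcode}")
    rcode_name = RFC1035_RCODES.get(rcode) or RFC2136_RCODES.get(rcode) or f"RCODE{rcode}"
    # True when a QUERY response uses an RCODE that RFC 2136 defined for UPDATE.
    flagged = opcode == 0 and rcode in RFC2136_RCODES
    return opcode_name, rcode_name, flagged


if __name__ == "__main__":
    for op, rc in [(0, 5), (0, 9), (5, 9)]:  # constructed samples
        print(classify_response(build_response(op, rc)))
```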