[dns-operations] [Ext] Verisign TLDs, some other servers may trim critical glue from very large referrals

Edward Lewis edward.lewis at icann.org
Fri Jan 4 16:35:42 UTC 2019

On 1/4/19, 11:23, "Tony Finch" <dot at dotat.at> wrote:

    Edward Lewis <edward.lewis at icann.org> wrote:
    > This is an interesting protocol-implementation question.  What's being
    > returned by the server in this case is reasonable (according to the
    > protocol) but evidently less than useful.
    In the terminology of RFC 4472, in-bailiwick glue is "critical" additional
    data, which must either be included in a response or the TC bit must be set.
    There's a really good discussion of the issues in appendix B.

I understand all that.  What I mean is that in all the years I had spent in IETF activity, this issue never seemed to be discussed outside of that document.  RFC 4472 is listed as "informational".  (I'll note, in looking through the document to see who was involved in the preparation, I see my own name. ;))

(When it comes to IPv6 documents, I have no recollection of anything.)

The recently published "DNS Terminology" (BCP 219) doesn't contain the word "critical" anywhere.

I say this to claim that there's a protocol definition gap, not simply an operational issue.  The rules for what causes TC bit to be set don't take into consideration "critical" glue or additional section information.  That is, there's an assumption, evidently incorrectly, that all additional section information is optional.

More information about the dns-operations mailing list