[dns-operations] sophosxl.net problem?
tale at dd.org
Mon Nov 11 19:36:09 UTC 2019
Paul Vixie writes:
> so, answering REFUSED when authoritative-only and receiving RD=1, and
> answering REFUSED when recursive-only and receiving RD=0, and treating
> AA=0 as "lame" when doing recursion, all lead to a choppy present but a
> smoother future.
The third one seems distinctly different to me than the first two.
How do changing those behaviours to a better future?
In the first, RD=1 is merely useless so there's really no reason to be
a busy-body about it. In the second, RD=0 is a reasonable way to
query the state of the cache without changing it, and one I have
personally found use for in my own debugging. Both of them are
standards-reasonable ways to
In the last, AA=0 is a clear standards-noncompliant signalling failure
for which it is entirely appropriate to treat the responder as lame.
(OTOH, if the data can be DNSSEC-validated, hey then whatever, AA was
just redundant -- the data was authoritative even if the responder wasn't.)
More information about the dns-operations