[dns-operations] .com delegation responses when glue addresses don't fit
Mukund Sivaraman
muks at mukund.org
Wed Aug 19 17:33:20 UTC 2020
We notice the following response from .com's namesevers:
[muks at mx ~]$ dig +nord +dnssec +bufsize=512 @2001:502:1ca1::30 infoblox.com
; <<>> DiG 1.1.1.20200608151533.e8a2352e96 <<>> +nord +dnssec +bufsize=512 @2001:502:1ca1::30 infoblox.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15448
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 11, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;infoblox.com. IN A
;; AUTHORITY SECTION:
infoblox.com. 172800 IN NS ns1.infoblox.com.
infoblox.com. 172800 IN NS ns2.infoblox.com.
infoblox.com. 172800 IN NS ns3.infoblox.com.
infoblox.com. 172800 IN NS ns4.infoblox.com.
infoblox.com. 172800 IN NS ns5.infoblox.com.
infoblox.com. 172800 IN NS ns6.infoblox.com.
infoblox.com. 86400 IN DS 33613 5 2 339462CBAEB1773800EA8B688D2CA048FCAB0EB2933A97AEE2B86A9A 212F37C5
infoblox.com. 86400 IN DS 33613 5 1 629C2D6C060E2133CD0F4470F3ECC8834DA4FAD6
infoblox.com. 86400 IN DS 49879 5 2 605656DB7C9DFE4D8A453C350B3DA63039A78878DA089AD4247AB9A0 D3B43998
infoblox.com. 86400 IN DS 49879 5 1 C1DB78AD9A8928CB15A7E0CE9E4468D433F5C638
infoblox.com. 86400 IN RRSIG DS 8 2 86400 20200823050241 20200816035241 24966 com. 0s/TnWuxLdVzCQqY0tVauNXeCpirT5rYacvEpxaQfTxCjP2XfZkqHy4A SNoGyYWGZQdxTa7zXVgrKuWOoKZ2CKxC/kd++VnEJKoFw3llOoq56Wz+ lq65BS7E6/ZlE4Qgce8rhbBQVkE6Sk1YXkuxDbwoPYfvkHlfWaboeiNO 6y731Xcrq3vjqdG6YZCHyH64SSnVFypUiRN26H2HPsYsSg==
;; Query time: 19 msec
;; SERVER: 2001:502:1ca1::30#53(2001:502:1ca1::30)
;; WHEN: Wed Aug 19 17:30:29 GMT 2020
;; MSG SIZE rcvd: 512
[muks at mx ~]$
Glue address records are required in this delegation response, but none
are returned. TC=1 is not set. This causes problems with some resolvers.
Can someone at Verisign please check correctness of this response, and
set TC=1 for such responses?
It appears to be the problem statement of:
https://tools.ietf.org/html/draft-andrews-dnsop-glue-is-not-optional-01
Mukund
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20200819/591b83b7/attachment.sig>
More information about the dns-operations
mailing list