[dns-operations] COM referral responses from root without glue and TC bit

Viktor Dukhovni ietf-dane at dukhovni.org
Fri Jan 12 21:37:30 UTC 2024


On Fri, Jan 12, 2024 at 02:25:15PM -0500, Puneet Sood via dns-operations wrote:

> Note: query does not use EDNS0; response does not set TC bit and has no glue.

> ; <<>> DiG 9.10.6 <<>> @m.root-servers.net kcmbrvwjafupdyztdq2ifvi6ye7fcacaaben6jaavmoaaaeqnqaaa2qaaaanh7j.a5erjsqwn7zic34e7psoufcfue6rsznpw34cx57gjhhqqj6edwr6o57wikagcdv.ard6pjajyuo6kmpbm6ohbbjppyhmkivhxxmgqgb5xjpl2cvvlzo34erwypot4fw.lh4aa5rzkni7yihszvyxxw43w4aa3cysaws7jtjg.dns.uas-1.optnl.com +noedns +ignore
> ; (2 servers found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44314
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available
> 
> ;; QUESTION SECTION:
> ;kcmbrvwjafupdyztdq2ifvi6ye7fcacaaben6jaavmoaaaeqnqaaa2qaaaanh7j.a5erjsqwn7zic34e7psoufcfue6rsznpw34cx57gjhhqqj6edwr6o57wikagcdv.ard6pjajyuo6kmpbm6ohbbjppyhmkivhxxmgqgb5xjpl2cvvlzo34erwypot4fw.lh4aa5rzkni7yihszvyxxw43w4aa3cysaws7jtjg.dns.uas-1.optnl.com. IN A

This rather violates "Glue is not optional".  The (mis)behaviour is
reproducible.

> We confirmed similar behavior from some of the other root operators.
>
> b;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 1
> c;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0
> g;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0
> i;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0
> k;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0
> m;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0

> a;; flags: qr tc rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 1
> d;; flags: qr tc rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0
> e;; flags: qr tc rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 1
> f;; flags: qr tc rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 1
> h;; flags: qr tc rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0
> j;; flags: qr tc rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 1
> l;; flags: qr tc rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0

> Relevant text from RFC 9471 abstract: If message size constraints
> prevent the inclusion of all glue records for in-domain name servers,
> the server must set the TC (Truncated) flag to inform the client that
> the response is incomplete.

Indeed, and so 6 out of 13 roots need to be updated to set TC=1 as
required.

-- 
    Viktor.
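
An added example, not part of the original message: a Python check that reads dig header lines such as the per-root summary quoted above and lists the servers whose referral carried fewer additional records than NS records without setting TC. The function name and the count-based test (ADDITIONAL < AUTHORITY, meaningful only for non-EDNS queries) are assumptions of this example.

```python
import re

# Per-root summary lines copied from the quoted message (root letter + dig flags line).
SUMMARY = """\
b;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 1
c;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0
g;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0
i;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0
k;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0
m;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0
a;; flags: qr tc rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 1
d;; flags: qr tc rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0
e;; flags: qr tc rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 1
f;; flags: qr tc rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 1
h;; flags: qr tc rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0
j;; flags: qr tc rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 1
l;; flags: qr tc rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0
"""

# Matches dig's header flags line, with an optional tag (here the root letter) in front.
HEADER = re.compile(
    r"^(?P<tag>\S*?);; flags:(?P<flags>[a-z ]*);"
    r" QUERY: \d+, ANSWER: (?P<an>\d+),"
    r" AUTHORITY: (?P<ns>\d+), ADDITIONAL: (?P<ar>\d+)")

def short_referrals_without_tc(text):
    """Return tags of referrals with ADDITIONAL < AUTHORITY and TC clear."""
    hits = []
    for line in text.splitlines():
        m = HEADER.match(line.lstrip("> ").strip())  # tolerate mail quoting
        if not m:
            continue
        flags = set(m["flags"].split())
        an, ns, ar = int(m["an"]), int(m["ns"]), int(m["ar"])
        # A referral: no answers, NS records in AUTHORITY, not authoritative.
        referral = an == 0 and ns > 0 and "aa" not in flags
        # Assumption: query sent with +noedns, so ADDITIONAL has no OPT record
        # and counts address records only; fewer than NS means some are missing.
        if referral and ar < ns and "tc" not in flags:
            hits.append(m["tag"])
    return hits

if __name__ == "__main__":
    print(short_referrals_without_tc(SUMMARY))
```

The count comparison is a coarse screen; confirming a specific response means comparing the NS targets in the authority section against the owner names of the address records actually returned.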

