The AA bit is a useless bit of frippery in the DNS protocol.
Kevin Darcy
kcd at daimlerchrysler.com
Tue Aug 17 21:41:51 UTC 2004
Jonathan de Boyne Pollard wrote:
>KD> Is this important? I have yet to find an application that
>KD> cares about the setting of the AA bit.
>
>I've found three: dnstracer, Sendmail, and BIND.
>
Well, dnstracer and BIND are actual DNS software; when I said
"application" I meant something that was strictly a consumer of DNS
information. As for sendmail, based on a brief review of the source
code, version 8.12.11 at least seems to have no dependencies on the AA
bit: the config-file parser is capable of setting the RES_AAONLY flag in
the resolver, but that's the extent of it; the AA bit in DNS responses
appears never to be tested at any point.

><URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/dnstracer-incorrect-algorithm.html#RFCNonCompliance>
><URL:http://groups.google.com./groups?selm=bdprmb%242ncu%241%40FreeBSD.csie.NCTU.edu.tw>
><URL:http://groups.google.com./groups?selm=c3o04s%248tn%241%40sf1.isc.org>
>
>Of course, the "AA" bit in DNS responses *is* a useless bit of frippery
>in the DNS protocol. In using it, all three of those applications are
>broken.
>
><URL:http://groups.google.com./groups?selm=3E9C4ABF.D8DE6467%40tesco.net>
>
>Indeed, for quite a few years now every few months in the various DNS
>server discussion fora someone new has come along having hit the bug in
>BIND that results from its daft "credibility" mechanism.
>
><URL:http://cr.yp.to/djbdns/bugtraq/20000112082807-15140-qmail@cr-yp-to>
>
Ah, an oldie but a goodie! Curiosity compels me to inquire: do any of
the criticisms in that rant-o-gram apply to BIND 9?
- Kevin