strange response to the DS request
神明達哉
jinmei at wide.ad.jp
Fri Mar 4 21:12:18 UTC 2016

At Sat, 05 Mar 2016 07:23:46 +1100,
Mark Andrews <marka at isc.org> wrote:
> There is nothing strange here beyond a missing delegation.

I'm not opposed to this conclusion itself, but:

> > If so, I agree it looks odd, and we might say it's against Section
> > 2.2.1.2 of RFC3658 (if we superficially applied this section the answer
> > would be NOERROR-NODATA with the SOA of www.example.com).
>
> No. The algorithm stops at step 1. Example.com "holds" the DS
> if it existed.
>
> 1) If the nameserver is authoritative for the zone that holds the DS
> RR set (i.e., the zone that delegates <QNAME>, a.k.a. the "parent"
> zone), the response contains the DS RR set as an authoritative
> answer.

But in this case the zone that would otherwise be the parent (=
example.com) does not delegate <QNAME> because there's no NS, so I
thought step 1 didn't apply.

--
JINMEI, Tatuya

More information about the bind-users mailing list