> On 29 Nov 2017, at 21:18, Dick Franks <rwfra...@acm.org> wrote:
>> On 29 November 2017 at 12:17, Andrew Sullivan <a...@anvilwalrusden.com>
>> wrote:
>>
>> Right, and the authoritative server can't proceed, but the referral is
>> necessary. Good, this is helpful, thanks. This also means, of
>> course, that in such a response the answer section isn't empty. Is
>> this why you call it a "partial referral"?
>
> And said referral could be to an arbitrary node in the DNS tree, i.e.
> possibly "upward"?
>
> Or am I missing something?
In this case we’re dealing with an authoritative answer containing a CNAME
pointing out of the server’s authoritative data.
If the server is authoritative only, then there are three cases: (1) the CNAME
points to a child zone, so the authority section contains a referral - this is
the partial answer plus referral case that Mark described; (2) the CNAME points
to a different non-child zone and the server provides full answers, in which
case the authority section contains the apex records of the zone containing the
CNAME owner; or (3) same as (2) but the server sends minimal answers with an
empty authority section.
If it is a 1034 hybrid rec+auth server, the 4.3.2 algorithm step 4 requires the
same referral in case (1) because there is a “delegation from authoritative
data”; in case (2) you get an implicit referral from the cache (which can be
upwards).
Tony.
--
f.anthony.n.finch <d...@dotat.at> http://dotat.at
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
