On 19 Mar 2018, at 5:21, Matthijs Mekking wrote:
Negative response:
I and some others have been using the term 'Negative response' to
indicate that the response does not contain any records in the Answer
section. Current definition seems to imply that this is only the case
if the RCODE is NXDOMAIN, NOERROR, SERVFAIL or if there was a timeout
(unreachable). The definition I have been using includes responses
with other RCODEs too, for example FORMERR or REFUSED.
I wonder if this is just me and my bubble or if others also a slightly
different meaning of 'Negative response' as it is defined now. If
there are others, is it worth spending a line or two about this here?
Some implementations put things in the Answer section even when it seems
like they are saying negative things. This does not appear to be
prohibited by RFC 1035 or updates, but I could be wrong.
RRsets:
Raised by a discussion I had at the Hackathon, I think it would be
useful to add some clarification about RRSIGs and their role with
respect to RRsets. Perhaps a quote from RFC4035 will do:
An RRset MAY have multiple RRSIG RRs associated with it. Note that
as RRSIG RRs are closely tied to the RRsets whose signatures they
contain, RRSIG RRs, unlike all other DNS RR types, do not form
RRsets. In particular, the TTL values among RRSIG RRs with a
common
owner name do not follow the RRset rules described in [RFC2181].
Great suggestion. I only remember that last bit some of the time when I
(incorrectly) say "all records in an RRset have the same TTL".
Last, I don't fully understand the meaning of the cryptic comment
about QTYPE=ANY that is under the RRset definition:
(This definition is definitely not the same as "the
response one gets to a query for QTYPE=ANY", which is an
unfortunate misunderstanding.)
Can you explain why this comment is here?
Um, no. :-( I'll remove it.
--Paul Hoffman
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop