Re: [DNSOP] [Ext] I-D Action: draft-ietf-dnsop-glue-is-not-optional-00.txt

Fri, 05 Jun 2020 14:23:20 -0700 


> On Jun 5, 2020, at 1:40 PM, John Levine <jo...@taugh.com> wrote:
> 
> In article <5e86e9ee-a022-44f0-9483-f498a03c3...@verisign.com> you write:
>>> The current document is indeed ambiguous. I propose that it be changed to:
>>>  If all glue RRs do not fit, set TC=1 in the header.
>> 
>> I believe this is contrary to how most authoritative DNS software works 
>> today, isn't it?
> 
> I hope not. If it sends only part of the glue without a hint that
> there's more if they requery, that's a recipe for failure. People sent
> some examples last week.
> 

Here's one example, 0124.org which has five in-domain name servers with glue:

$ for sz in `seq 604 16 700`; do echo -n "BUFSIZE $sz " ; dig +norec +ignore 
+dnssec +bufsize=$sz @199.19.57.1 0124.org | grep ';; flags:' ; done
BUFSIZE 604 ;; flags: qr tc; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
BUFSIZE 620 ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 9, ADDITIONAL: 1
BUFSIZE 636 ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 9, ADDITIONAL: 2
BUFSIZE 652 ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 9, ADDITIONAL: 3
BUFSIZE 668 ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 9, ADDITIONAL: 4
BUFSIZE 684 ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 9, ADDITIONAL: 5
BUFSIZE 700 ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 9, ADDITIONAL: 6

Note that one of the Additional RRs is always the OPT RR.

And from everyone's favorite, the root servers:

$ for s in a b c d e f g h i j k l m ; do echo -n "$s  " ; dig 
@$s.root-servers.net +dnssec +norec +ignore +bufsize=700 example.com | grep ';; 
flags:' ; done
a  ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 15, ADDITIONAL: 5
b  ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 15, ADDITIONAL: 5
c  ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 15, ADDITIONAL: 5
d  ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 15, ADDITIONAL: 7
e  ;; flags: qr tc; QUERY: 1, ANSWER: 0, AUTHORITY: 15, ADDITIONAL: 5
f  ;; flags: qr tc; QUERY: 1, ANSWER: 0, AUTHORITY: 15, ADDITIONAL: 5
g  ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 15, ADDITIONAL: 5
h  ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 15, ADDITIONAL: 7
i  ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 15, ADDITIONAL: 5
j  ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 15, ADDITIONAL: 5
k  ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 15, ADDITIONAL: 7
l  ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 15, ADDITIONAL: 7
m  ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 15, ADDITIONAL: 7



DW

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to