bundy icon indicating copy to clipboard operation
bundy copied to clipboard

Published 20 hours ago verified publisher icon bundy-dns

stop sending authority/additional section when sending answer of type DS

Open cstrotm opened this issue 8 years ago • 2 comments

Shane wrote:

I have been running the latest version of ymmv for some days now, and it discovered a difference in the reply from yeti-dns01.dnsworkshop.org for:

$ dig -t ds is.

It is a bit odd, since it is returning the authoritative answer for the DS lookup AND the delegation information for the root zone. I don't think it causes any problems, but it is a difference.

BIND 9 and Windows 2016 DNS (possibly others) only return the DS, without Authority/Additional section

Is there a RFC reference?

cstrotm avatar Oct 19 '16 08:10 cstrotm

I don't think it's a delegation. Since is./DS belongs to the root zone, it should simply include the ./NS in the authority section just like any authoritative answer from any zone.

BIND 9 intentionally omits the NS for DS queries, presumably so that the response won't be too big:

2678.   [func]      Treat DS queries as if "minimal-response yes;"
            was set. [RT #20258]

jinmeiib avatar Oct 21 '16 01:10 jinmeiib

Hello JINMEI Tatuya,

I agree, it's authoritative data returned as with other RR requests. I plan to make the change similar to what BIND 9 and other DNS server do when implementing "minimal-answers" for Bundy. This ticket is an reminder.

cstrotm avatar Oct 21 '16 10:10 cstrotm