authoritative return CD?
reed at reedmedia.net
Thu Oct 3 13:25:44 UTC 2019
Why does named authoritative return CD in response when CD in query?

RFC4035 3.1.6/2 "A security-aware name server SHOULD clear the CD bit
when composing an authoritative response."

I know it is not a MUST, but where is the decision documented for BIND
named? Is it simply for the client to know that the server knew it
didn't check it?

I understand from the same RFC that a recursive response would copy the CD
back, but in the authoritative case I also get an "aa" back (with the
"cd").

I also read an nsd differences document that mentioned its behaviour was
different.

I didn't confirm, but I think this is related to
DNS_MESSAGE_REPLYPRESERVE and 4534. [bug] Only set RD, RA and CD in
QUERY responses. [RT #43879]

Thanks,
Jeremy C. Reed
echo Ohl zl obbx uggc://errqzrqvn.arg/obbxf/csfrafr/ | \
tr "Onoqrsuvxzabcefghl" "Babdefhikmnoprstuy"
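
Added example, not part of the original message and not BIND code: a small Python check that decodes the DNS header flags and reports whether a response carries both "aa" and "cd", the combination the message asks about. The function names and the sample messages are constructed for illustration; the responses are the query bytes with rewritten flags, not captured traffic.

```python
import struct

# Header flag masks in the 16-bit flags word (RFC 1035 4.1.1, RFC 4035 section 3).
QR, AA, TC, RD, RA, AD, CD = 0x8000, 0x0400, 0x0200, 0x0100, 0x0080, 0x0020, 0x0010

def build_query(qname, qtype=1, msg_id=0x1234, cd=True):
    """Build a minimal DNS query; cd=True sets the Checking Disabled bit."""
    flags = CD if cd else 0
    header = struct.pack("!HHHHHH", msg_id, flags, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode("ascii")
                      for l in qname.rstrip(".").split(".") if l)
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def decode_flags(message):
    """Return the set of flag names present in a DNS message header."""
    if len(message) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    _, flags = struct.unpack("!HH", message[:4])
    names = {"qr": QR, "aa": AA, "tc": TC, "rd": RD, "ra": RA, "ad": AD, "cd": CD}
    return {n for n, mask in names.items() if flags & mask}

def check_cd_handling(query, response):
    """Compare CD in query and response against the RFC 4035 3.1.6 SHOULD."""
    q, r = decode_flags(query), decode_flags(response)
    if "qr" not in r:
        raise ValueError("second message is not a response")
    if "aa" in r and "cd" in r:
        return "authoritative response kept CD (SHOULD clear per RFC 4035 3.1.6)"
    if "aa" in r:
        return "authoritative response cleared CD"
    if ("cd" in q) == ("cd" in r):
        return "non-authoritative response copied CD from query"
    return "non-authoritative response changed CD"

def with_flags(query, flags):
    """Constructed sample: reuse the query bytes as a response with new flags."""
    return query[:2] + struct.pack("!H", flags) + query[4:]

if __name__ == "__main__":
    q = build_query("example.com")
    print(check_cd_handling(q, with_flags(q, QR | AA | CD)))  # case reported in the message
    print(check_cd_handling(q, with_flags(q, QR | AA)))
    print(check_cd_handling(q, with_flags(q, QR | RA | CD)))
```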