authoritative return CD?
Evan Hunt
each at isc.org
Thu Oct 3 18:43:39 UTC 2019
On Thu, Oct 03, 2019 at 08:25:44AM -0500, reed at reedmedia.net wrote:
> Why does named authoritative return CD in response when CD in query?
At a guess, because it does so for recursive responses and no one ever
thought to special-case authoritative responses.
That code was added along with all the rest of the DNSSEC-bis work
in BIND 9.3.0 in 2004, and I haven't found any documentation of that
particular design decision; I suspect it was just an oversight.
Do you know of any interoperational problems this causes?
> I didn't confirm, but I think this is related to
> DNS_MESSAGE_REPLYPRESERVE and 4534. [bug] Only set RD, RA and CD in
> QUERY responses. [RT #43879]
Yes and no, respectively. The CD bit was copied before change #4534; the
difference was that it was copied in all responses, not just QUERY
responses. The specific misbehavior with authoritative responses
wasn't introduced then.
--
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.
More information about the bind-workers
mailing list