authoritative return CD?
Jeremy C. Reed
jreed at isc.org
Sat Oct 19 21:46:14 UTC 2019
On Thu, 3 Oct 2019, Evan Hunt wrote:
> On Thu, Oct 03, 2019 at 08:25:44AM -0500, reed at reedmedia.net wrote:
> > Why does named authoritative return CD in response when CD in query?
> At a guess, because it does so for recursive responses and no one ever
> thought to special-case authoritative responses.
> That code was added along with all the rest of the DNSSEC-bis work
> in BIND 9.3.0 in 2004, and I haven't found any documentation of that
> particular design decision; I suspect it was just an oversight.
> Do you know of any interoperational problems this causes?
No, I don't know of any problems from this.
> > I didn't confirm, but I think this is related to
> > DNS_MESSAGE_REPLYPRESERVE and 4534. [bug] Only set RD, RA and CD in
> > QUERY responses. [RT #43879]
> Yes and no, respectively. The CD bit was copied before change #4534; the
> difference was that it was copied in all responses, not just QUERY
> responses. The specific misbehavior with authoritative responses
> wasn't introduced then.
Since BIND is reference implementation, do you want me to open a bug?
More information about the bind-workers