[bind10-dev] authoritative query logic

Evan Hunt each at isc.org
Sat Feb 13 07:19:00 UTC 2010


Comrades,

Today, Michael and I were discussing corner cases of the query logic such
as DNAMEs and wildcards and how they interact with DNSSEC, and we decided
that we need to write down the complete protocol for answering queries and
make sure it's right, so we aren't surprised in the future by things we've
overlooked.

After reviewing RFCs I wrote up a description and put it on the wiki, at
http://bind10.isc.org/wiki/AuthServerQueryLogic.

This is not quite the way the algorithm appears in the RFCs (for one thing,
all references to recursion and cache have been omitted).  I haven't
mentioned NSEC3 yet, but I don't think it changes the picture much from
NSEC.

Aside from those caveats, I believe it to be complete and correct.
However, I'd very much appreciate it if people could review it and make
sure I haven't overlooked or misunderstood any aspect of the protocol.

As a matter of interest, here are the bits BIND 10 isn't doing yet, in the
order I expect to add them:

        - referrals/glue
        - correct handling of empty nodes above data
        - wildcards
        - DNSSEC
        - DNAME

DNSSEC will need new rdata types to be supported.

I'm not sure DNAME is a requirement for year 1 (Shane?)

-- 
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.


