[bind10-dev] Resolver response to NOTIFY query
Jelte Jansen
jelte at isc.org
Wed Apr 13 21:27:26 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 04/13/2011 09:10 PM, Stephen Morris wrote:
> With the current version of BIND 10, when I send a query with opcode 4
> (NOTIFY) to the resolver, I get a response of "not authoritative for
> zone" (rcode = 9).
>
> RFC 1996 which introduces Notify only seems to cover the case of
> master-slave communication. But it says:
>
> If a NOTIFY request is received by a slave who does not
> implement the NOTIFY opcode, it will respond with a NOTIMP
> (unimplemented feature error) message.
>
> In our case, the resolver has no ability to respond to a notify, which
> is why a "not implemented" (rcode = 4) response seems logical. But as
> the server is not configured to accept notifies from the sending system,
> perhaps some other response is appropriate, e.g. BIND 9.7.1 returns
> format error (rcode = 1).
>
I would personally go for either NOTAUTH or REFUSED, with a slight preference
for the first. I would not object to returning NOTIMPL, but it makes less sense
from a whole-system view; it *is* implemented, just not in the part that is
running :)
I don't really see how a format error would be appropriate.
Jelte
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk2mFT4ACgkQ4nZCKsdOncX0xQCfQXNw5AOecBZh9jp0mWmi3dAx
EQMAn3fw2g17J5PXz06FHB8YS3ejR8TP
=cg4L
-----END PGP SIGNATURE-----
More information about the bind10-dev
mailing list