[bind10-dev] Authoritative Query Logic for DS
蒋超
jiang.chao.bupt at gmail.com
Wed Nov 2 05:07:32 UTC 2011
i have confused with the situation that qtype is DS.
for example: two zones servered by the authoritative server, "example.com"
and "aa.example.com". in zone "example.com", there are no records for "
aa.example.com" and its children. as a result, there is no delegated ns rrs
for "aa.example.com" (because the zone of "aa.example.com" is already
servered by the authoritative server, this configuration is incorrect).
when a query with qname "aa.example.com" and qtype DS comes, which zone
should be chosen. if the zone of "example.com" is chosen, NXDOMAIN will be
returned. but if the zone "aa.example.com" is chosen, NOERROR will be
returned.
another situation: two zones servered by the authoritative server, "
example.com" and "aa.example.com". in zone "example.com", there are NS
records for "aa.example.com" but no DS records. when a query with qname "
aa.example.com" and qtype DS comes, which one of the following cases will
be ok?
case1: choose the zone "example.com", return the NS rrs of "aa.example.com."
in authority section, clear AA flag and set opcode NOERROR.
case2: choose the zone "example.com", return the SOA rr of "example.com"
in authority section, set AA flag and set opcode NOERROR.
case3: choose the zone "aa.example.com", return the SOA rr of "
aa.example.com" in authority section, set AA flag and set opcode NOERROR.
which one should be ok and why?
Thanks
Chao
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind10-dev/attachments/20111102/a34aefe6/attachment.html>
More information about the bind10-dev
mailing list