[bind10-dev] Authoritative Query Logic for DS

Mark Andrews marka at isc.org
Wed Nov 2 06:07:23 UTC 2011 

In message <CADdG5VyvLOzeeP+iydmXUjyHOpiobcWZJ-FPJpuMXcnQ-4ztuQ at mail.gmail.com>, =?GB2312?B?va+zrA==?= wr
ites:
> 
> i have confused with the situation that qtype is DS.
> 
> for example:  two zones servered by the authoritative server, "example.com"
> and "aa.example.com".  in zone "example.com", there are no records for "
> aa.example.com" and its children. as a result, there is no delegated ns rrs
> for "aa.example.com"  (because the zone of "aa.example.com" is already
> servered by the authoritative server, this configuration is incorrect).
> when a query with qname "aa.example.com" and qtype DS comes, which zone
> should be chosen. if the zone of "example.com" is chosen, NXDOMAIN will be
> returned. but if the zone "aa.example.com" is chosen, NOERROR will be
> returned.
> 
> another situation: two zones servered by the authoritative server, "
> example.com" and "aa.example.com". in zone "example.com", there are NS
> records for "aa.example.com" but no DS records. when a query with qname "
> aa.example.com" and qtype DS comes, which one of the following cases will
> be ok?
> case1:  choose the zone "example.com", return the NS rrs of "aa.example.com."
> in authority section, clear AA flag and set opcode NOERROR.
> case2:  choose the zone "example.com", return the SOA rr of "example.com"
> in authority section, set AA flag and set opcode NOERROR.
> case3:  choose the zone "aa.example.com", return the SOA rr of "
> aa.example.com" in authority section, set AA flag and set opcode NOERROR.
> 
> which one should be ok and why?

	The parent is authoritative for DS so it is answers
	authoritatively.  Note if the query is for ./DS then there
	is no parent zone and it is answered as a normal query.

> Thanks
> Chao
> 
> --001517592dfa0b0e0904b0b97349
> Content-Type: text/html; charset=ISO-8859-1
> Content-Transfer-Encoding: quoted-printable
> 
> <div>i have confused with the situation that qtype is DS.</div><div>=A0</di=
> v><div>for example:=A0 two zones=A0servered by=A0the authoritative server, =
> "<a href=3D"http://example.com" target=3D"_blank">example.com</a>&quot=
> ; and "<a href=3D"http://aa.example.com" target=3D"_blank">aa.example.=
> com</a>".=A0 in zone "<a href=3D"http://example.com" target=3D"_b=
> lank">example.com</a>", there=A0are no records for "<a href=3D"ht=
> tp://aa.example.com" target=3D"_blank">aa.example.com</a>" and its chi=
> ldren. as a result, there is no delegated ns rrs for "<a href=3D"http:=
> //aa.example.com" target=3D"_blank">aa.example.com</a>"=A0 (because th=
> e zone of "<a href=3D"http://aa.example.com" target=3D"_blank">aa.exam=
> ple.com</a>" is already servered by the authoritative server, this con=
> figuration is incorrect). when a query with qname "<a href=3D"http://a=
> a.example.com" target=3D"_blank">aa.example.com</a>" and qtype DS come=
> s, which zone should be chosen. if the zone of "<a href=3D"http://exam=
> ple.com" target=3D"_blank">example.com</a>" is chosen, NXDOMAIN will b=
> e returned. but if the zone "<a href=3D"http://aa.example.com" target=
> =3D"_blank">aa.example.com</a>" is chosen, NOERROR will be returned.</=
> div>
> 
> <div>=A0</div><div>another situation: two zones servered by the authoritati=
> ve server, "<a href=3D"http://example.com" target=3D"_blank">example.c=
> om</a>" and "<a href=3D"http://aa.example.com" target=3D"_blank">=
> aa.example.com</a>". in zone "<a href=3D"http://example.com" targ=
> et=3D"_blank">example.com</a>", there are=A0NS records for "<a hr=
> ef=3D"http://aa.example.com" target=3D"_blank">aa.example.com</a>" but=
>  no=A0DS records. when a query with qname "<a href=3D"http://aa.exampl=
> e.com" target=3D"_blank">aa.example.com</a>" and qtype DS comes, which=
>  one of the following cases will be ok? </div>
> 
> <div>case1:=A0 choose the zone "<a href=3D"http://example.com" target=
> =3D"_blank">example.com</a>", return the NS rrs of "<a href=3D"ht=
> tp://aa.example.com" target=3D"_blank">aa.example.com</a>." in authori=
> ty section, clear AA flag and set opcode NOERROR.</div>
> 
> <div>case2:=A0 choose the zone "<a href=3D"http://example.com" target=
> =3D"_blank">example.com</a>", return the SOA rr of "<a href=3D"ht=
> tp://example.com" target=3D"_blank">example.com</a>" in authority sect=
> ion, set AA flag and set opcode NOERROR.</div>
> 
> <div>case3:=A0 choose the zone "<a href=3D"http://aa.example.com" targ=
> et=3D"_blank">aa.example.com</a>", return the SOA rr of "<a href=
> =3D"http://aa.example.com" target=3D"_blank">aa.example.com</a>" in au=
> thority section, set AA flag and set opcode NOERROR.</div>
> 
> <div>=A0</div><div>which one should be ok and why?</div><div>=A0</div><div>=
> Thanks</div><div>Chao</div>
> 
> --001517592dfa0b0e0904b0b97349--
> 
> --===============9063611595663271146==
> Content-Type: text/plain; charset="us-ascii"
> MIME-Version: 1.0
> Content-Transfer-Encoding: 7bit
> Content-Disposition: inline
> 
> _______________________________________________
> bind10-dev mailing list
> bind10-dev at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind10-dev
> 
> --===============9063611595663271146==--
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

More information about the bind10-dev mailing list