BIND 10 #2226: direct queries for RRSIG
BIND 10 Development
do-not-reply at isc.org
Tue Jan 7 10:07:52 UTC 2014
#2226: direct queries for RRSIG
-------------------------------------+-----------------------------------
Reporter: jelte | Owner:
Type: defect | Status: new
Priority: medium | Milestone:
Component: Unclassified | Resolution:
Keywords: | CVSS Scoring:
Sensitive: 0 | Defect Severity: N/A
Sub-Project: DNS | Feature Depending on Ticket:
Estimated Difficulty: 6 | Add Hours to Ticket: 0
Total Hours: 0 | Internal?: 0
-------------------------------------+-----------------------------------
Comment (by muks):
We decided to patch this in `b10-auth` so that we return rcode=REFUSED for
qtype=RRSIG:
* RRSIG and the covered rrset go together, so we refuse to serve RRSIGs
directly.
* The in-memory datasource currently does not implement it (and iterating
over all RRSIGs in our current design will be a time-consuming process).
* We don't want to implement it in the future, so instead of rcode=NOTIMP,
we will return rcode=REFUSED.
* We will return this early in the `b10-auth` server code itself, so that
this reply is consistent across all data sources.
--
Ticket URL: <http://bind10.isc.org/ticket/2226#comment:2>
BIND 10 Development <http://bind10.isc.org>
BIND 10 Development
More information about the bind10-tickets
mailing list