On Mar 6, 2013, at 20:33, Paul Vixie wrote: > if the authority server in question is configured to be a primary or > secondary server for a zone which is at or above the qname, then the correct > answer is either authoritative-positive, authoritative-negative, or servfail.
Or a non-authoritative referral but then again there's also FROMERR and come to think of it other results involving CNAME, DNAME and even a wildcard match. I have over time tried to come up with a state machine description of what DNS returns but never could complete the task. The protocol is too hap-hazzard in architecture to be nicely reverse engineered. Sigh. > if said authoritity server is not configured to be a primary or secondary for > any zone at or above the qname, then the proper response is refused. (not an > upward delegation as a i once had it in bind8 -- my apologies to all.) We chose SERVFAIL instead of REFUSED for that - in the sense that the service failed by sending the querier to the wrong place. I don't think either is better than the other, just saying this because it's not always clear what's the right RCODE. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStar You can leave a voice message at +1-571-434-5468 There are no answers - just tradeoffs, decisions, and responses.
_______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
