Hey all,

We have received a notice that Knot DNS adds an
answer in the case of EDNS=1 (and higher) in the
response where RCODE=BADVERS (and OPT EDNS=0).

RFC 6891 doesn't forbid such behaviour:

      If a responder does not implement the VERSION level of the
      request, then it MUST respond with RCODE=BADVERS.  All responses
      MUST be limited in format to the VERSION level of the request, but
      the VERSION of each response SHOULD be the highest implementation
      level of the responder.  In this way, a requestor will learn the
      implementation level of a responder as a side effect of every
      response, including error responses and including RCODE=BADVERS.

And in fact we think this might be a more
forward-compatible behaviour than returning
an empty response with RCODE=BADVERS.

(Sending it here as dnsext is concluded...)

Cheers,
--
 Ondřej Surý -- Chief Science Officer
 -------------------------------------------
 CZ.NIC, z.s.p.o.    --    Laboratoře CZ.NIC
 Americka 23, 120 00 Praha 2, Czech Republic
 mailto:ondrej.s...@nic.cz    http://nic.cz/
 -------------------------------------------

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
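
An added example, not part of the original message and not Knot DNS code: a minimal Python check that decodes the 12-bit extended RCODE and the EDNS VERSION from a response's OPT record and reports whether a BADVERS response also carries answer records. The function names and the sample message built by `build_sample` are constructed for illustration, and the parser assumes a well-formed message.

```python
import struct

BADVERS = 16  # extended RCODE defined by RFC 6891
OPT = 41      # RR type of the EDNS OPT pseudo-record

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:          # a compression pointer ends the name
            return off + 2
        off += 1 + n

def edns_summary(msg):
    """Return (full_rcode, edns_version, ancount); version is None without OPT."""
    _id, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    rcode, version, off = flags & 0xF, None, 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10 + rdlen
        if rtype == OPT:
            # OPT TTL field: ext-RCODE (8 bits) | VERSION (8 bits) | DO + Z (16 bits)
            rcode |= (ttl >> 24) << 4  # upper 8 bits of the 12-bit RCODE
            version = (ttl >> 16) & 0xFF
    return rcode, version, an

def badvers_with_answer(msg):
    """True when the response is BADVERS yet still has a non-empty answer section."""
    rcode, _version, an = edns_summary(msg)
    return rcode == BADVERS and an > 0

def build_sample(ancount):
    """Constructed sample: BADVERS response for 'example. A' with OPT VERSION=0."""
    msg = struct.pack("!6H", 0x1234, 0x8000, 1, ancount, 0, 1)  # QR=1, low RCODE bits 0
    msg += b"\x07example\x00" + struct.pack("!HH", 1, 1)
    for _ in range(ancount):           # A record, owner name is a pointer to the QNAME
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    # OPT RR: root owner, CLASS = UDP payload size, TTL = ext-RCODE 1, VERSION 0
    msg += b"\x00" + struct.pack("!HHIH", OPT, 1232, 1 << 24, 0)
    return msg
```

`badvers_with_answer(build_sample(1))` matches the response shape described in the message above, while `build_sample(0)` is the empty BADVERS response it is compared against.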
