Moin!

On 28 May 2019, at 21:14, Matthijs Mekking wrote:

> For authoritative servers that receive A or AAAA requests, the address
> records shall appear only once: in the answer section. It is correct
> that those address records have the owner name and TTL adjusted (to the
> owner name of the ANAME record and the minimum of the encountered TTLs).
>
> There is nothing in the additional section, except for the ANAME record,
> as described in Section 6.1.1:
>
>    When a server receives an address query for a name that has an ANAME
>    record, the response's Additional section MUST contain the ANAME
>    record. The ANAME record indicates to a client that it might wish to
>    resolve the target address records itself.

So that means an authoritative server could just use the “static” A records in the zone and just put in the ANAME in the additional section and not do any special processing at all, hoping the resolver does follow the ANAME?

> Note that there is separate additional processing for authoritative
> servers and resolvers. For resolvers there is a requirement of having
> target address records in the additional section.

Why? They are the same that are in the answer section and for DNSSEC the signed ANAME is important and not the unsigned addresses or am I missing something?

So long
-Ralf

--
Ralf Weber

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop