On 28.05.19 21:14, Matthijs Mekking wrote:
Hi Klaus,


Hi Matthijs,

I provided responses inline.

I too.


On 5/28/19 5:49 PM, Klaus Malorny wrote:


Hi all,

[...]

For authoritative servers that receive A or AAAA requests, the address
records shall appear only once: in the answer section.  It is correct
that those address records have the owner name and TTL adjusted (to the
owner name of the ANAME record and the minimum of the encountered TTLs).

There is nothing in the additional section, except for the ANAME record,
as described in Section 6.1.1:

    When a server receives an address query for a name that has an ANAME
    record, the response's Additional section MUST contain the ANAME
    record.  The ANAME record indicates to a client that it might wish to
    resolve the target address records itself.

Note that there is separate additional processing for authoritative
servers and resolvers.  For resolvers there is a requirement of having
target address records in the additional section.


[...]

> I am not sure what text in Section 3 you are referring to, can you quote
> the specific text?
>
> AFAICS there is nothing that says the visited ANAMEs and CNAMEs need to
> be set in the Additional section.  Visited ANAME and CNAME records are
> used to adjust the owner name and the TTL.

Well, just the two sentences just below the headline of section 3:

   The requirements in this section apply to both recursive and
   authoritative servers.
   ^^^^^^^^^^^^^

   An ANAME target MAY resolve to address records via a chain of CNAME
   and/or ANAME records; any CNAME/ANAME chain MUST be included when
                                         ^^^^^^^^^^^^^^^^^^^^^^^
   adding target address records to a response's Additional section.

Along with the following requirement of 3.1:

   o  MAY contain the target address records that match the query type
      (or the corresponding proof of nonexistence), if they are
      available and the target address RDATA fields differ from the
      sibling address RRset.

So, I can choose to add the target addresses to the additional section, but then I have to add the full path of ANAME/CNAME/DNAME(?) also. This is my interpretation.




- if the name server chooses to cache the target address records (and
the intermediate xNAME records), shall the answer reflect the age of the
cache entries in the TTLs (i.e. be subtracted) of the records in the
answer and/or additional section?

There is some guidance in appendix C on this:

- In principle you should use a fixed TTL (no decremented TTLs) to avoid
query bunching (C.1).

- If the ANAME target lookup is done inside the name server, and it
implements a cache, it may use a decremented TTL in the response to the
client rather than using the original target address records' TTL, but
not a near zero TTL (C.4).

Hope this helps.

Ah, ok. This is helpful.

Thanks for answering.

Klaus

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
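
The authoritative-server behaviour discussed in this thread (address records only in the answer section with the ANAME's owner name and the minimum encountered TTL, and only the ANAME in the additional section), as an added example that is not code from the draft or from either poster. The `RR` class, function names, sample records and the `max_hops` loop guard are assumptions made for illustration, as is counting the ANAME's own TTL among the encountered TTLs.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class RR:
    owner: str
    rtype: str
    ttl: int
    rdata: str

# Constructed sample data: the zone's ANAME plus already-resolved target records.
RECORDS = [
    RR("example.com.", "ANAME", 3600, "www.cdn.example."),
    RR("www.cdn.example.", "CNAME", 300, "edge.cdn.example."),
    RR("edge.cdn.example.", "A", 60, "192.0.2.10"),
    RR("edge.cdn.example.", "A", 120, "192.0.2.11"),
    RR("loop.example.", "ANAME", 300, "a.loop.example."),
    RR("a.loop.example.", "CNAME", 300, "b.loop.example."),
    RR("b.loop.example.", "CNAME", 300, "a.loop.example."),
]

def follow_chain(records, target, qtype, max_hops=8):
    """Return (visited CNAME/ANAME records, target address records)."""
    visited, name = [], target
    for _ in range(max_hops):
        addrs = [r for r in records if r.owner == name and r.rtype == qtype]
        if addrs:
            return visited, addrs
        hop = next((r for r in records
                    if r.owner == name and r.rtype in ("CNAME", "ANAME")), None)
        if hop is None:
            return visited, []          # chain ends without addresses of qtype
        visited.append(hop)
        name = hop.rdata
    raise ValueError("CNAME/ANAME chain exceeds max_hops (possible loop)")

def authoritative_response(records, qname, qtype):
    """Build answer/additional sections for an A or AAAA query at an ANAME owner."""
    aname = next((r for r in records
                  if r.owner == qname and r.rtype == "ANAME"), None)
    if aname is None:
        raise LookupError("no ANAME at " + qname)
    visited, addrs = follow_chain(records, aname.rdata, qtype)
    # Visited records only feed the TTL minimum; they are not emitted.
    ttl = min(r.ttl for r in [aname, *visited, *addrs])
    answer = [RR(aname.owner, qtype, ttl, r.rdata) for r in addrs]
    return {"answer": answer, "additional": [aname]}
```
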
