> On Jan 6, 2020, at 6:15 PM, Michael StJohns <m...@nthpermutation.com> wrote:
> 
>> 
>> 
>>> 5) 3.1.2 - This is I believe different than how DNSSEC does it?  If it's 
>>> the same, then this is fine, otherwise this protocol should be calculating 
>>> the RRSet wire representation the same as DNSSEC does it.
>> In my experience, duplicates are suppressed either when a zone is loaded or 
>> when it is signed.  ZONEMD matches DNSSEC.
>> 
>> 
>> Here's how named-checkzone behaves:
>> 
>> $ named-checkzone -i none -o /dev/fd/1 example.com /dev/fd/0
>> $ORIGIN example.com.
>> @ 60 SOA a b 1 2 3 4 5
>> @ 60 NS ns
>> NS 60 A 192.168.1.1
>> @ 60 A 127.0.0.1
>> @ 60 A 127.0.0.1
>> zone example.com/IN: loaded serial 1
>> example.com.                                  60 IN SOA         a.example.com. b.example.com. 1 2 3 4 5
>> example.com.                                  60 IN NS          ns.example.com.
>> example.com.                                  60 IN A           127.0.0.1
>> NS.example.com.                               60 IN A           192.168.1.1
>> OK
>> 
>> 
>> And in ldns_dnssec_rrs_add_rr() at 
>> https://github.com/NLnetLabs/ldns/blob/develop/dnssec_zone.c#L46 you can see 
>> at the end that equal RRs are silently ignored.
>> 
> Can you provide a cite?  Not disagreeing - just curious if it's been written 
> down in an RFC somewhere.
> 


RFC2181 (cited in ZONEMD) says:

   Each DNS Resource Record (RR) has a label, class, type, and data.  It
   is meaningless for two records to ever have label, class, type and
   data all equal - servers should suppress such duplicates if
   encountered.

DW




_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
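
Added example (not part of the original message, and not code from BIND, ldns or the ZONEMD draft): a Python illustration of the duplicate suppression discussed above, applied to one A RRset before it is digested, so that the zone as typed and the zone as loaded hash to the same value. The function names, the restriction to a single A RRset, the extra 192.0.2.1 record and the use of SHA-384 are assumptions made for the example.

```python
import hashlib
import ipaddress
import struct

TYPE_A, CLASS_IN = 1, 1

def name_to_wire(name):
    """Uncompressed wire-format name with labels lowercased (RFC 4034 canonical form)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.lower().encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("bad label in %r" % name)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def a_rr_to_wire(owner, ttl, address):
    """owner | type | class | TTL | RDLENGTH | RDATA, all in network byte order."""
    rdata = ipaddress.IPv4Address(address).packed
    header = struct.pack("!HHIH", TYPE_A, CLASS_IN, ttl, len(rdata))
    return name_to_wire(owner) + header + rdata

def canonical_a_rrset(records):
    """Suppress RRs whose owner, class, type and data are all equal, then sort by RDATA."""
    owners = {name_to_wire(owner) for owner, _, _ in records}
    if len(owners) != 1:
        raise ValueError("expected exactly one owner name (a single RRset)")
    unique = {}
    for owner, ttl, address in records:
        rdata = ipaddress.IPv4Address(address).packed
        # TTL is not part of the comparison; the first copy seen is kept.
        unique.setdefault(rdata, a_rr_to_wire(owner, ttl, address))
    return [unique[rdata] for rdata in sorted(unique)]

def rrset_digest(records):
    """SHA-384 over the concatenated canonical RRs (assumed digest for this example)."""
    return hashlib.sha384(b"".join(canonical_a_rrset(records))).hexdigest()

# Constructed input: the duplicated A record from the message, plus a case variant
# of the owner name and one extra address (192.0.2.1) to show the ordering.
AS_TYPED = [
    ("example.com.", 60, "192.0.2.1"),
    ("example.com.", 60, "127.0.0.1"),
    ("example.com.", 60, "127.0.0.1"),
    ("EXAMPLE.com.", 60, "127.0.0.1"),
]
AS_LOADED = [("example.com.", 60, "127.0.0.1"), ("example.com.", 60, "192.0.2.1")]

if __name__ == "__main__":
    print(len(canonical_a_rrset(AS_TYPED)), "RRs after suppression")
    print(rrset_digest(AS_TYPED) == rrset_digest(AS_LOADED))
```

A verifier that hashed the records as typed, without suppression, would compute a different digest from one that hashed the loaded zone, which is why the digest input has to be built the same way DNSSEC builds its RRsets.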
