On Mon, 15 Jan 2024, Warren Kumari wrote:
> dig +nocookie +edns=0 +noad +norec +dnssec soa $zone @$server
> expect: status: NOERROR
> expect: the SOA record to be present in the answer section
> expect: an OPT record to be present in the additional section
> expect: DO=1 to be present if an RRSIG is in the response
> expect: EDNS Version 0 in response
> expect: flag: aa to be present
>
> The actual output from dig goeth thus:
> dig +nocookie +edns=0 +noad +norec +dnssec soa ietf.org @jill.ns.cloudflare.com.
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20613
> ;; flags: qr aa; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags: do; udp: 1232
>
> Seeing as the document says you should "expect: flag: aa to be present", it does
> seem like it would be better if it also said: "expect: flag: do to be
> present if an RRSIG is in the response", as that is more in line with what
> someone writing a test would see.

It's not really in the flags: section, but in the EDNS0 flags section.
It should already really use the plural for flag, e.g.: expect: flags: to contain
"aa".

What's more confusing here I think is the example dig command using
"@$server". I think what was meant was an authoritative server, but the errata
reporter ran it against a public resolver (an instance of 1.1.1.1),
which returned him a Refused (when I try that against 1.1.1.1 I get
ServFail).

Warren ran his example of ietf.org against an authoritative server,
because he knew using "no recursion" at a recursor makes no sense :)

> This seems like a fairly simple clarification / place where things could have
> been worded better, but I don't think that it rises to the level of a
> "Verified" errata, but it's also not wrong, so my proposed resolution is:
> Accept the errata as Editorial, Hold for Document Update.
>
> ("Hold for Document Update - The erratum is not a necessary update to the RFC.
> However, any future update of the document might consider it and determine
> whether it merits including in an update." — from:
> https://www.ietf.org/about/groups/iesg/statements/processing-errata-ietf-stream/ )
>
> Can anyone not live with this? Please speak up by Jan 29th, otherwise I'll do
> what's above.

That seems fine with me. Maybe mention that "@$server" refers to an
authoritative server, and not a recursive server, as well?
Paul
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
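
Added example, not part of the original thread or of the document under discussion: a small Python checker that applies the quoted "expect:" lines to dig text output, reading "aa" from the header flags line and "do" from the EDNS flags line, which is the distinction raised above. The sample outputs, the zone example.org, the record data and the function name check_dig_output are constructed for illustration.

```python
import re

# Constructed sample: header lines follow the dig output quoted in the thread;
# the zone name and record data are made up for illustration.
SAMPLE_AUTH = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20613
;; flags: qr aa; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 1232
;; ANSWER SECTION:
example.org. 3600 IN SOA ns1.example.org. admin.example.org. 1 7200 900 1209600 1800
example.org. 3600 IN RRSIG SOA 13 2 3600 20240201000000 20240101000000 12345 example.org. c2lnbmF0dXJl
"""

# Constructed sample: the same query answered by a recursive resolver.
SAMPLE_RECURSOR = """\
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4242
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
"""

def check_dig_output(text):
    """Return the list of failed expectations (empty list means all passed)."""
    status = re.search(r"status: (\w+)", text)
    hdr = re.search(r"^;; flags:([^;]*);", text, re.M)        # DNS header flags
    edns = re.search(r"^; EDNS: version: (\d+), flags:([^;]*);", text, re.M)
    hdr_flags = hdr.group(1).split() if hdr else []
    edns_flags = edns.group(2).split() if edns else []        # "do" lives here
    # Record lines are the ones that do not start with ';' (simplification:
    # this sketch does not track which section a record appears in).
    rrtypes = [f[3] for f in (l.split() for l in text.splitlines())
               if len(f) > 4 and not f[0].startswith(";")]
    failures = []
    if not status or status.group(1) != "NOERROR":
        failures.append("status: NOERROR")
    if "SOA" not in rrtypes:
        failures.append("SOA record in answer section")
    if not edns:
        failures.append("OPT record in additional section")
    elif edns.group(1) != "0":
        failures.append("EDNS Version 0")
    if "RRSIG" in rrtypes and "do" not in edns_flags:
        failures.append("EDNS flags: do when RRSIG present")
    if "aa" not in hdr_flags:
        failures.append("header flags: aa")
    return failures
```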