IETF Logo Mail Archive

[dnsext] Failure to add glue MUST cause TC to be set.

Mark Andrews <marka@isc.org> Sat, 19 February 2011 21:07 UTC

Return-Path: <marka@isc.org>
X-Original-To: dnsext@core3.amsl.com
Delivered-To: dnsext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7B2493A6FC2 for <dnsext@core3.amsl.com>; Sat, 19 Feb 2011 13:07:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1oGQ6FhaFILk for <dnsext@core3.amsl.com>; Sat, 19 Feb 2011 13:07:00 -0800 (PST)
Received: from mx.ams1.isc.org (mx.ams1.isc.org [IPv6:2001:500:60::65]) by core3.amsl.com (Postfix) with ESMTP id 1A7343A6F18 for <dnsext@ietf.org>; Sat, 19 Feb 2011 13:07:00 -0800 (PST)
Received: from bikeshed.isc.org (bikeshed.isc.org [IPv6:2001:4f8:3:d::19]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client CN "bikeshed.isc.org", Issuer "ISC CA" (verified OK)) by mx.ams1.isc.org (Postfix) with ESMTPS id 211305F9865 for <dnsext@ietf.org>; Sat, 19 Feb 2011 21:07:22 +0000 (UTC) (envelope-from marka@isc.org)
Received: from drugs.dv.isc.org (drugs.dv.isc.org [IPv6:2001:470:1f00:820:ea06:88ff:fef3:4f9c]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by bikeshed.isc.org (Postfix) with ESMTPSA id 2495A216C1E for <dnsext@ietf.org>; Sat, 19 Feb 2011 21:07:20 +0000 (UTC) (envelope-from marka@isc.org)
Received: from drugs.dv.isc.org (localhost [127.0.0.1]) by drugs.dv.isc.org (Postfix) with ESMTP id 72943A5602B for <dnsext@ietf.org>; Sun, 20 Feb 2011 08:07:16 +1100 (EST)
To: dnsext@ietf.org
From: Mark Andrews <marka@isc.org>
Date: Sun, 20 Feb 2011 08:07:15 +1100
Message-Id: <20110219210716.72943A5602B@drugs.dv.isc.org>
Subject: [dnsext] Failure to add glue MUST cause TC to be set.
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 19 Feb 2011 21:07:01 -0000

Below is a example of why TC should be set when glue cannot be added
to the answer.

We need to make it clear that adding address records here (RFC 1034,
Section 4.3.2, step 3b) is not optional unlike step 6 where they are
optional.

         b. If a match would take us out of the authoritative data,
            we have a referral.  This happens when we encounter a
            node with NS RRs marking cuts along the bottom of a
            zone.

            Copy the NS RRs for the subzone into the authority
            section of the reply.  Put whatever addresses are
            available into the additional section, using glue RRs
            if the addresses are not available from authoritative
            data or the cache.  Go to step 4.

Mark

; <<>> DiG 9.6.0-APPLE-P2 <<>> +norec +dnssec +bufsize=512 @b.gov-servers.net vwall1a.nyc.gov
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13052
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;vwall1a.nyc.gov.		IN	A

;; AUTHORITY SECTION:
nyc.gov.		86400	IN	NS	vwall1a.nyc.gov.
nyc.gov.		86400	IN	NS	vwall2a.nyc.gov.
nyc.gov.		86400	IN	NS	vwall3a.nyc.gov.
nyc.gov.		86400	IN	NS	vwall4a.nyc.gov.
rq2651faaj4nen6tfis8ju5005qccn8j.gov. 86400 IN NSEC3 1 0 8 4C44934802D3 RQDJO8PKJ2LEUMC30SGU45DDI643G497 NS
rq2651faaj4nen6tfis8ju5005qccn8j.gov. 86400 IN RRSIG NSEC3 7 2 86400 20110224160026 20110219160026 47602 gov. ZL6YdI7AOtcv5Vfs9cjOZkj6tld5+K4UfDjD2BV4ToBQQ4jhD6HS102P p2TGBP90RdjSLGpGw5OHt9ZxjCPzjWjcoM5V5PiWoGhXrmdgahfmVENE cRH9gsxJhlonz+vIfXlFTeCLgn5d3D5WxjURdGKfDK5j35JvDKb0kQ+8 CwZNXGeopE+01fgiTbIMvSqXCpXlXY/RD+fAbfuh+5e05jdIbj/53/9+ gQOHTXYd3T9jCOxrFOONuznzyvpRODJ3Sga/P+DvWzgUrVZSOKYEsAAi COTbtyCqDhfBIyNB9MxPry4oN0uet46zTjIqhvRg4JjPnfC9WFAEGDTK uolyNw==

;; Query time: 187 msec
;; SERVER: 209.112.123.30#53(209.112.123.30)
;; WHEN: Sun Feb 20 07:39:46 2011
;; MSG SIZE  rcvd: 510

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE:	+61 2 9871 4742		         INTERNET: marka@isc.org

v2.23.0 | Report a Bug | By Email