To: JINMEI Tatuya / 神明達哉 <jinmei@isl.rdc.toshiba.co.jp>
cc: dnsop@cafax.se, <yasuhiro@jprs.co.jp>
From: Pekka Savola <pekkas@netcore.fi>
Date: Wed, 13 Aug 2003 10:09:56 +0300 (EEST)
In-Reply-To: <y7vfzk7mff4.wl@ocean.jinmei.org>
Sender: owner-dnsop@cafax.se
Subject: Re: comments about morishita-dnsop-misbehavior-against-aaaa-00
On Tue, 12 Aug 2003, JINMEI Tatuya / 神明達哉 wrote:
> > substantial
> > -----------
> >
> > 4.1 Return NXDOMAIN
> >
> > This type of server returns a response with the RCODE being 3
> > (NXDOMAIN) to a query for a AAAA RR, indicating it does not have any
> > RRs of any type for the queried name. In fact, such a server
> > apparently returns NXDOMAIN to all queries except those for an A RR.
> >
> > and:
> >
> > 4.3 Ignore Queries for AAAA
> > [...]
> > Again, these servers apparently ignore all queries except those for
> > an A RR.
> >
> > ==> is this really the case? Do these servers *also* ignore or return an
> > error to queries for NS, MX, SOA, and other resource records (and the text
> > was slightly inaccurate), or does it really, really break everything
> > except A records (whoops, maybe add a few words of clarification to
> > underline that).
>
> This is the case at least about the examples described in the draft.
> You can even check the behavior described in Section 4.3 by yourself
> (I just retried and confirmed that it is still the case).

So it seems, perhaps some stronger words are in order if revising the draft.

> > 4.2 Return NOTIMP
> >
> > Other authoritative servers return a response with the RCODE being 4
> > (NOTIMP), indicating the servers do not support the requested type of
> > query.
> >
> > [...]
> >
> > Using SERVFAIL or FORMERR would cause the same effect, though the
> > authors have not seen such implementations yet.
> >
> > ==> I recall faintly that e.g. bind 4.9 series prior to patching some
> > years ago returned SERVFAIL? Maybe also have a look at:
> > http://www.wcug.wwu.edu/lists/ngtrans/200110/msg00123.html
>
> Hmm, I've looked at the ngtrans message, and the latest version of the
> internet-draft discussed there, but I could not find a concrete
> example. Could you be more specific please?

Unfortunately, I do not know more details than that.. :-/

> Regarding BIND 4.9, I don't have an environment to check the behavior
> at least at this moment. If anyone else could confirm the
> information, it would be helpful.

I tried to look this up, but failed; in any case, I believe the code would
be some 6-7 years old at least. We'll see if someone else brings this up.

In doing so, I googled across this one:

http://mailman.isi.edu/pipermail/6bone/2002-October/006531.html

which brings some statistics to the play, which may be interesting.

--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
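
The behaviours quoted in this message (draft sections 4.1, 4.2 and 4.3, plus the SERVFAIL/FORMERR case) can be told apart by comparing a server's A and AAAA responses for the same name. The following is an added example, not code from the message, the draft or its authors; the function names, the name `www.example.com` and the constructed responses are assumptions made for illustration.

```python
import struct

A, AAAA = 1, 28  # RR TYPE codes

def build_query(name, qtype, qid=0x1234):
    """Encode a one-question DNS query (RD clear, class IN)."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\0"
    return struct.pack("!6H", qid, 0, 1, 0, 0, 0) + qname + struct.pack("!2H", qtype, 1)

def fake_response(query, rcode, rdata=None):
    """Constructed test data: an authoritative reply to `query`, with one answer RR if rdata is given."""
    qid = struct.unpack("!H", query[:2])[0]
    qtype = struct.unpack("!H", query[-4:-2])[0]
    flags = 0x8400 | rcode  # QR=1, AA=1, low four bits carry the RCODE
    msg = struct.pack("!6H", qid, flags, 1, 1 if rdata else 0, 0, 0) + query[12:]
    if rdata:  # owner name is a compression pointer to the question at offset 12
        msg += struct.pack("!HHHIH", 0xC00C, qtype, 1, 300, len(rdata)) + rdata
    return msg

def parse_header(msg):
    """Return (rcode, ancount) from a raw DNS message."""
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", msg[:12])
    return flags & 0x000F, ancount

def classify(a_resp, aaaa_resp):
    """Classify AAAA handling for one name; None stands for a query that timed out."""
    if a_resp is None or parse_header(a_resp) [0] != 0 or parse_header(a_resp)[1] == 0:
        return "inconclusive: no A RR to compare against"
    if aaaa_resp is None:
        return "4.3 ignores AAAA queries"
    rcode, _ancount = parse_header(aaaa_resp)
    if rcode == 3:
        return "4.1 NXDOMAIN for AAAA although an A RR exists"
    if rcode == 4:
        return "4.2 NOTIMP"
    if rcode in (1, 2):
        return "FORMERR/SERVFAIL (same effect as 4.2)"
    # NOERROR with an empty answer section is the correct reply when no AAAA RR exists
    return "ok" if rcode == 0 else "other rcode %d" % rcode
```

A real probe would send `build_query()` output over UDP to the authoritative server and pass the received bytes, or `None` after a timeout, to `classify()`.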