[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: dnssec-updates text, include SOA in negative answers

To: "W.C.A. Wijngaards" <wouter@nlnetlabs.nl>
Subject: Re: dnssec-updates text, include SOA in negative answers
From: gson@araneus.fi (Andreas Gustafsson)
Date: Wed, 28 Nov 2007 19:00:23 +0200
Cc: Namedroppers <namedroppers@ops.ietf.org>
In-reply-to: <474D5989.7000405@nlnetlabs.nl>
References: <474D5989.7000405@nlnetlabs.nl>

W.C.A. Wijngaards wrote:
> [proposed text]
> 
> Include SOA in negative answers.
> 
> Servers that serve DNSSEC signed zones SHOULD include SOA records in the
> authority section for negative answers (name error, no data). This
> enables clients to distinguish referrals from negative answers when the
> query did not set the RD bit, and validate accordingly.

Isn't this already required by RFC2308 section 3?

  3 - Negative Answers from Authoritative Servers

     Name servers authoritative for a zone MUST include the SOA record of
     the zone in the authority section of the response when reporting an
     NXDOMAIN or indicating that no data of the requested type exists.

-- 
Andreas Gustafsson, gson@araneus.fi

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

Follow-Ups:
- Re: dnssec-updates text, include SOA in negative answers
  - From: Edward Lewis <Ed.Lewis@neustar.biz>

References:
- dnssec-updates text, include SOA in negative answers
  - From: "W.C.A. Wijngaards" <wouter@nlnetlabs.nl>

Prev by Date: Re: dnssec-updates text, include SOA in negative answers
Next by Date: Re: dnssec-updates text, include SOA in negative answers
Previous by thread: Re: dnssec-updates text, include SOA in negative answers
Next by thread: Re: dnssec-updates text, include SOA in negative answers
Index(es):
- Date
- Thread