[nsd-users] NSD returns SERVFAIL instead of REFUSED
Arun N S
ns.arunns at gmail.com
Tue Jul 19 09:18:15 UTC 2011
Yeah, thanks for the response, I got it clear.

Appendix B Details on specific design and implementation choices.

B.1. Returning the root delegation when no answer can be found

From RFC1034/1035 it is not obvious if returning a root delegation
is a (non-)requirement for authoritative servers.

We have decided not to implement a root-hints since an
authoritative server should in normal circumstances only receive
queries for which the server is authoritative.

Also see RFC 1123 section 6.1.2.5.

Whenever an answer cannot be provided we return a SERVFAIL. It
has been argued that this is a policy decision and thus a REFUSE
should be returned. However, in the spirit of RFC1034/1035 a server
should return cached data, if that cache cannot be reached a SERVFAIL
is an appropriate response.

Also see the discussion on the 'namedroppers list' Starting April
2002 with subject "name server without root cache"
(ftp://ops.ietf.org/pub/lists/)

./arun

On Tue, Jul 19, 2011 at 11:33 AM, Jaap Akkerhuis <jaap at nlnetlabs.nl> wrote:
>
> On Sun, Jul 17, 2011 at 10:34:56AM +0300,
> Arun N S <ns.arunns at gmail.com> wrote
> a message of 55 lines which said:
>
> > I was wondering why NSD returns SERVFAIL for recursive queries,
> > normally it is REFUSED ?
>
> AFAIK, no RFC explicitly says what a name server should return when
> it does not accept out-of-zone queries.
>
> It is discussed somewhat in the document "differences.tex" (differences
> between bind & nsd) and the REQUIREMENTS document (Appendix B.1).
>
> jaap
>
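
Added example, not part of the original messages and not NSD code: a Python sketch of how a monitoring or open-resolver check can read the header of a reply to an out-of-zone recursive query, so that the SERVFAIL discussed in this thread is treated like REFUSED instead of as an outage. The query name, the sample replies and the classification labels are constructed for illustration, and it assumes an authoritative-only server leaves the RA bit clear.

```python
import struct

RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(qname, qid=0x1234):
    """Minimal query for qname (type A, class IN) with the RD bit set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def parse_header(msg):
    """Decode the fixed 12-byte DNS header (RFC 1035 section 4.1.1)."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": qid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "rd": bool(flags & 0x0100), "ra": bool(flags & 0x0080),
            "rcode": RCODE_NAMES.get(flags & 0x000F, str(flags & 0x000F)), "ancount": an}

def classify_out_of_zone(query, response):
    """Interpret the reply to a recursive query for a name the server does not serve."""
    q, r = parse_header(query), parse_header(response)
    if not r["qr"] or r["id"] != q["id"]:
        return "not-a-matching-response"
    if r["ancount"] == 0 and not r["ra"] and r["rcode"] in ("SERVFAIL", "REFUSED"):
        return "declined"           # authoritative-only server saying no, either rcode
    if r["ra"] and r["rcode"] == "SERVFAIL":
        return "resolver-failure"   # recursion is offered, but the lookup failed
    if r["ra"] and r["rcode"] == "NOERROR" and r["ancount"] > 0:
        return "recursion-offered"  # answered an out-of-zone name: behaves as a resolver
    return "other"

def sample_response(query, flags, with_answer=False):
    """Constructed reply: echoes the question, optionally adds one A record (192.0.2.1)."""
    qid = struct.unpack("!H", query[:2])[0]
    msg = struct.pack("!HHHHHH", qid, flags, 1, int(with_answer), 0, 0) + query[12:]
    if with_answer:
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    return msg

QUERY = build_query("www.example.org")  # constructed out-of-zone name
SAMPLES = {  # constructed header flag words: QR | RD | (RA) | rcode
    "servfail-style": sample_response(QUERY, 0x8102),
    "refused-style": sample_response(QUERY, 0x8105),
    "failing-resolver": sample_response(QUERY, 0x8182),
    "open-resolver": sample_response(QUERY, 0x8180, with_answer=True),
}

if __name__ == "__main__":
    for name, resp in SAMPLES.items():
        print(name, parse_header(resp)["rcode"], classify_out_of_zone(QUERY, resp))
```

The RA bit is what separates the SERVFAIL described in this thread from a SERVFAIL sent by a recursive resolver whose lookup failed.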