matthijs at NLnetLabs.nl
Thu Nov 24 09:12:59 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Looks correct to me: by enabling minimal responses, we change the
behavior of NSD slightly. A resolver may expect the optional NS RRsets
and, but not having them in the response should not trouble the
resolver. In my opinion, this biggest risk is not a big risk at all.
I am not aware of any other issues that you should take into considerations.
On 11/23/2011 08:10 PM, Todd Rinaldo wrote:
> On Nov 23, 2011, at 4:17 AM, Matthijs Mekking wrote:
>> RELNOTES ========
>> FEATURES: - - Minimize responses to reduce truncation: NSD will
>> only add optional records to the authority and additional sections
>> when the response size does not exceed the minimal response size.
>> The minimal response size is 512 (no-EDNS), 1480 (EDNS/IPv4), 1220
>> (EDNS/IPv6), or the advertized EDNS buffer size if that is smaller
>> than the EDNS default.
>> The feature is enabled by default. You can disable it by
>> configuring NSD with --disable-minimal-responses.
> Thanks for the 3.2.9 release. It looks like there are allot of good
> fixes in the release.
> I'm trying to get a more thorough understanding of the
> mininal-responses feature in order to do a risk assessment of
> enabling it in our build.
> I've done some archeology and from what I can tell, commits 3471
> through 3473 are the total change. I could not find a bug referring
> to these commits.
> Looking at the commits, I find this additional documentation in
> doc/REQUIREMENTS: + The feature 'minimize responses' is included
> since NSD 3.2.9. + NS RRsets that would go into the Authority
> section in positive + responses are not considered REQUIRED and
> therefore will NOT lead + to setting of the TC bit.
> As I see it, my biggest risk of taking this feature is that I could
> possibly cause unexpected behavior in any client expecting this
> information, even though the spec says it's optional.
> Are there any other issues I should consider?
> Thanks, Todd
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
More information about the nsd-users