At 18:32 +0200 8/7/08, Roy Arends wrote:

>What does the scripture say about the following, very small (see * below)
>response:
>
>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37612
>;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
>
>;; QUESTION SECTION:
>;010a.example. IN A
>
>;; ANSWER SECTION:
>010a.example. 86400 IN A 192.0.2.9
>
>;; AUTHORITY SECTION:
>example. 86400 IN NS 010a.example.
>
>;; Query time: 3 msec
>;; SERVER: 192.0.2.10#53(192.0.2.10)


What bothers me about this is that the SERVER: address is not in the
list (of 1) addresses authoritative for the zone owning the QNAME.
(That is, 192.0.2.10 is not 192.0.2.9.)

I would probably reject this as an inappropriate setting of the AA
bit - or chalk it up to an old BIND recursive server giving me a copy
back of what it had just gotten from an authoritative server.

If I were paranoid, reject.  If I were paranoid but trying to be
flexible, I would try to determine the vintage of what was at
192.0.2.10 and then decide on rejection.  Otherwise, it seems like a
valid answer.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis +1-571-434-5468
NeuStar

Never confuse activity with progress. Activity pays more.
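
The comparison made in the message above, written out as an added example that is not part of the original post. The function names `parse_dig` and `check_aa_source` are hypothetical, and the check uses only the addresses carried in the response itself, taken here from the quoted dig output.

```python
import re

# The response quoted in the message above, in dig's text form.
SAMPLE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37612
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;010a.example. IN A

;; ANSWER SECTION:
010a.example. 86400 IN A 192.0.2.9

;; AUTHORITY SECTION:
example. 86400 IN NS 010a.example.

;; Query time: 3 msec
;; SERVER: 192.0.2.10#53(192.0.2.10)
"""

def parse_dig(text):
    """Extract header flags, resource records and the responding server address."""
    resp = {"flags": set(), "rrs": [], "server": None}
    for line in text.splitlines():
        line = line.strip()
        if m := re.match(r";; flags: ([a-z ]+);", line):
            resp["flags"] = set(m.group(1).split())
        elif m := re.match(r";; SERVER: ([0-9a-fA-F.:]+)#", line):
            resp["server"] = m.group(1)
        elif line and not line.startswith(";"):
            owner, _ttl, _cls, rtype, rdata = line.split(None, 4)
            resp["rrs"].append((owner.lower(), rtype.upper(), rdata.lower()))
    return resp

def check_aa_source(resp):
    """Compare the responding address with the NS addresses the response itself gives."""
    ns_names = {rdata for _, rtype, rdata in resp["rrs"] if rtype == "NS"}
    ns_addrs = {rdata for owner, rtype, rdata in resp["rrs"]
                if rtype in ("A", "AAAA") and owner in ns_names}
    if "aa" not in resp["flags"]:
        return "not-authoritative", ns_addrs
    if not ns_addrs:
        return "aa-unverifiable", ns_addrs  # no NS address in the response to compare
    if resp["server"] in ns_addrs:
        return "aa-from-listed-server", ns_addrs
    return "aa-from-unlisted-server", ns_addrs

if __name__ == "__main__":
    print(check_aa_source(parse_dig(SAMPLE)))
```

A verdict of `aa-from-unlisted-server` is the case the message describes; whether to reject on it or to look further at the responder is the policy choice discussed there.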
