On Mon, Jul 16, 2012 at 04:49:08PM +0200, Anand Buddhdev wrote:

> 1a. return REFUSED responses for any zones I haven't loaded;

I'd make a difference between zones supposed to be loaded but not available
(SERVFAIL) vs zones intentionally absent (REFUSED).

> 1c. return a NOERROR response for zones I have, with the SOA record in
> the answer section, setting the AA bit. Do I need to fill the authority
> section too?

In this particular case the NS RRSet might not be needed. However, you
may have to echo the OPT RR.

> 2. Listen on TCP/53, and:
>
> 2a. return REFUSED responses for any zones I haven't loaded; and
>
> 2b. return NOTIMP responses to queries other than AXFR; and
>
> 2c. return the zone in response to AXFR.

The SOA/AXFR may come over the same TCP connection.

> Have I missed anything obvious?

What if the client asks with CD and/or DO=1? Also, you need to ignore all
classes !=IN (or not ;-)

-Peter
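
Added example, not part of the original message or anyone's code in this thread: a sketch of the response decision the exchange above describes (REFUSED vs SERVFAIL, SOA with AA, AXFR on TCP only, OPT echoed, CD/DO surfaced). The names `parse_query`, `decide`, `configured` and `loaded` are hypothetical, and so are three choices the thread leaves open: non-IN classes are dropped, the zone check runs before the qtype check, and other UDP qtypes get NOTIMP as in 2b.

```python
import struct

NOERROR, SERVFAIL, NOTIMP, REFUSED = 0, 2, 4, 5   # RCODEs
T_SOA, T_OPT, T_AXFR, C_IN = 6, 41, 252, 1        # RR types and class IN

# Constructed sample: SOA query for example.org. with CD=1 and an OPT RR with DO=1
SAMPLE = (b"\x12\x34\x00\x10\x00\x01\x00\x00\x00\x00\x00\x01"
          b"\x07example\x03org\x00\x00\x06\x00\x01"
          b"\x00\x00\x29\x10\x00\x00\x00\x80\x00\x00\x00")

def skip_name(msg, pos):
    """Return the offset just past the domain name that starts at pos."""
    while True:
        n = msg[pos]
        if n == 0:
            return pos + 1
        if n & 0xC0 == 0xC0:            # a compression pointer ends the name
            return pos + 2
        pos += 1 + n

def parse_query(msg):
    """Extract the question, the CD flag and the OPT/DO state (one question assumed)."""
    _, flags, _, an, ns, ar = struct.unpack("!6H", msg[:12])
    pos, labels = 12, []
    while msg[pos]:                     # question names are not compressed
        n = msg[pos]
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii").lower())
        pos += 1 + n
    qtype, qclass = struct.unpack("!2H", msg[pos + 1:pos + 5])
    pos, has_opt, do = pos + 5, False, False
    for _ in range(an + ns + ar):
        pos = skip_name(msg, pos)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        if rtype == T_OPT:              # DO is the top bit of the OPT flags field
            has_opt, do = True, bool(ttl & 0x8000)
        pos += 10 + rdlen
    return {"qname": ".".join(labels) + ".", "qtype": qtype, "qclass": qclass,
            "cd": bool(flags & 0x0010), "has_opt": has_opt, "do": do}

def decide(q, transport, configured, loaded):
    """Return (rcode, aa, echo_opt), or None to send no response at all."""
    if q["qclass"] != C_IN:
        return None                     # assumption: "ignore" read as drop
    echo = q["has_opt"]
    if q["qname"] not in configured:
        return (REFUSED, False, echo)   # zone intentionally absent
    if q["qname"] not in loaded:
        return (SERVFAIL, False, echo)  # supposed to be loaded, not available
    if q["qtype"] == T_SOA or (q["qtype"] == T_AXFR and transport == "tcp"):
        return (NOERROR, True, echo)    # SOA on either transport, AXFR on TCP
    return (NOTIMP, False, echo)        # 2b on TCP; assumed the same on UDP
```

The `cd` and `do` fields are parsed but not acted on, since the thread raises them as an open question.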
