Thanks to all who responded, both publicly and privately. I had forgotten to mention that the clients will be under my control, and I don't plan on using TSIG, so I'm not going to bother implementing it.
I'm also not going to bother with the NOTIMP responses, and just return REFUSED for queries I don't support.

About responding to SOA queries over TCP: BIND doesn't do that (it uses UDP to query for the SOA record) and neither does NSD (it always asks for AXFR/IXFR, and looks at the SOA record in there, abandoning the connection if it doesn't need the XFR). So I can get away with implementing just AXFR over TCP, and nothing else (including returning AXFR in response to IXFR).

Regards,
Anand

On 16/07/2012 16:49, Anand Buddhdev wrote:
> Hello DNS gurus,
>
> I'm writing a minimalistic DNS server (in Python, using the dnspython
> module), whose purpose will simply be to provide AXFR for a fixed set of
> zones. The clients will be BIND and/or NSD. It will send NOTIFY messages
> to the clients, and provide (some) responses.
>
> As far as I can see, my small DNS server needs to do the following:
>
> 1. Listen on UDP/53, and:
>
> 1a. return REFUSED responses for any zones I haven't loaded;
>
> 1b. return NOTIMP responses to queries other than SOA; and
>
> 1c. return a NOERROR response for zones I have, with the SOA record in
> the answer section, setting the AA bit. Do I need to fill the authority
> section too?
>
> 2. Listen on TCP/53, and:
>
> 2a. return REFUSED responses for any zones I haven't loaded; and
>
> 2b. return NOTIMP responses to queries other than AXFR; and
>
> 2c. return the zone in response to AXFR.
>
> Have I missed anything obvious?
>
> Regards,
>
> Anand
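The query handling settled on above (SOA over UDP, AXFR over TCP, REFUSED for everything else), as an added example that is not part of the original message. It uses only the Python standard library rather than dnspython; the zone name, the function names and the `ixfr_as_axfr` switch (one reading of the IXFR remark) are assumptions of this example.

```python
import struct

TYPE_SOA, TYPE_IXFR, TYPE_AXFR = 6, 251, 252   # RFC 1035 / 1995 / 5936
RCODE_NOERROR, RCODE_REFUSED = 0, 5
FLAG_QR = 0x8000
LOADED_ZONES = {"example.org."}                # constructed sample zone set


def parse_question(msg):
    """Return (id, flags, qname, qtype, end) for a single-question query."""
    try:
        qid, flags, qdcount = struct.unpack_from("!HHH", msg, 0)
        labels, pos = [], 12
        while msg[pos]:
            n = msg[pos]
            if n > 63:                         # compression pointer or bad length
                raise ValueError("invalid label in question")
            labels.append(msg[pos + 1:pos + 1 + n].decode("ascii").lower())
            pos += 1 + n
        qtype, _qclass = struct.unpack_from("!HH", msg, pos + 1)
    except (IndexError, struct.error, UnicodeDecodeError) as exc:
        raise ValueError("truncated or malformed query") from exc
    if flags & FLAG_QR or qdcount != 1:
        raise ValueError("not a single-question query")
    return qid, flags, ".".join(labels) + ".", qtype, pos + 5


def decide(msg, transport, ixfr_as_axfr=True):
    """Apply the policy from the post; returns (action, rcode)."""
    _, _, qname, qtype, _ = parse_question(msg)
    xfr = (TYPE_AXFR, TYPE_IXFR) if ixfr_as_axfr else (TYPE_AXFR,)
    if qname not in LOADED_ZONES:
        return "refuse", RCODE_REFUSED
    if transport == "udp" and qtype == TYPE_SOA:
        return "answer_soa", RCODE_NOERROR     # SOA in answer section, AA set
    if transport == "tcp" and qtype in xfr:
        return "send_axfr", RCODE_NOERROR
    return "refuse", RCODE_REFUSED             # REFUSED instead of NOTIMP


def refused_reply(msg):
    """Build a REFUSED reply that echoes the query ID and question."""
    qid, flags, _, _, end = parse_question(msg)
    out = FLAG_QR | (flags & 0x7900) | RCODE_REFUSED   # keep opcode and RD
    return struct.pack("!HHHHHH", qid, out, 1, 0, 0, 0) + msg[12:end]


def make_query(qid, name, qtype):
    """Constructed sample query (class IN), for demonstration only."""
    q = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split("."))
    return struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0) + q + struct.pack("!BHH", 0, qtype, 1)
```

A malformed or truncated packet raises `ValueError` from `parse_question`, so the caller can drop it rather than build a reply from partial data.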
