Hi all,
Some of you will perhaps recall that previous efforts at text on
referrals were unsuccessful. I've had another go. I _think_ it
addresses all the comments so far, without actually causing the
terminology draft to drift into prescribing protocol. It is
unfortunately quite a bit longer, but that seems to be the cost of
making all the points from the discussion. Thoughts are solicited:
Referral: A type of response in which a server, signalling that it
is not (completely) authoritative for an answer, provides the
querying resolver with an alternative place to send its query.
Referrals can be combined with partial answers.
A referral arises when a server is not performing recursive
service while answering a query. It appears in step 3(b) of the
algorithm in [RFC1034], Section 4.3.2.
There are two types of referral response. The first is a downward
referral (sometimes described as "delegation response"), where the
server is authoritative for some portion of the QNAME. The
authority section RRset's RDATA contains the name servers
specified at the referred-to zone cut. In normal DNS operation,
this kind of response is required in order to find names beneath a
delegation. The bare use of "referral" means this kind of
referral, and many people believe that this is the only legitimate
kind of referral in the DNS.
The second is an upward referral (sometimes described as "root
referral"), where the server is not authoritative for any portion
of the QNAME. When this happens, the referred-to zone in the
authority section is usually the root zone (.). In normal DNS
operation, this kind of response is not required for resolution or
for correctly answering any query. There is no requirement that
servers send them. Some people regard upward referrals as a sign
of a misconfiguration or error.
A response that has only a referral contains an empty answer
section. It contains the NS RRset for the referred-to zone in the
authority section. It may contain RRs that provide addresses in
the additional section. The AA bit is clear.
In the case where the query matches an alias, and the server is
not authoritative for the target of the alias but it is
authoritative for some name above the target of the alias, the
resolution algorithm will produce a response that contains both
the authoritative answer for the alias, and also a referral. Such
a partial answer and referral response has data in the answer
section. It has the NS RRset for the referred-to zone in the
authority section. It may contain RRs that provide addresses in
the additional section. The AA bit is set, because the first name
in the answer section matches the QNAME and the server is
authoritative for that answer (see [RFC1035], section 4.1.1).
--
Andrew Sullivan
[email protected]
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
