> On 16 Jan 2024, at 10:13, Paul Wouters <p...@nohats.ca> wrote:
> 
> On Mon, 15 Jan 2024, Warren Kumari wrote:
> 
>> dig +nocookie +edns=0 +noad +norec +dnssec soa $zone @$server
>> expect: status: NOERROR
>> expect: the SOA record to be present in the answer section
>> expect: an OPT record to be present in the additional section
>> expect: DO=1 to be present if an RRSIG is in the response
>> expect: EDNS Version 0 in response
>> expect: flag: aa to be present
>> The actual output from dig goeth thus:
>>      dig +nocookie +edns=0 +noad +norec +dnssec soa ietf.org @jill.ns.cloudflare.com.
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20613
>> ;; flags: qr aa; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags: do; udp: 1232
>> Seeing as the document says you should "expect: flag: aa to be present", it
>> does seem like it would be better if it also said: "expect: flag: do to be
>> present if an RRSIG is in the response", as that is more in line with what
>> someone writing a test would see.
> 
> It's not really in the flags: section, but in the EDNS0 flags section.
> 
> It should already really use the plural for flag, eg:    expect: flags: to 
> contain "aa".
> 
> What's more confusing here I think is the example dig command using
> "@$server".  I think what was meant was an authoritative server, but the
> errata reporter ran it against a public resolver (an instance of 1.1.1.1),
> which returned him a Refused (when I try that against 1.1.1.1 I get
> ServFail).
> 
> Warren ran his example of ietf.org against an authoritative server,
> because he knew using "no recursion" at a recursor makes no sense :)
> 
>> This seems like a fairly simple clarification / place where things could 
>> have been worded better, but I don't think that it rises to the level of a
>> "Verified" errata, but it's also not wrong, so my proposed resolution is:
>> Accept the errata as Editorial, Hold for Document Update.
>> ("Hold for Document Update - The erratum is not a necessary update to the
>> RFC. However, any future update of the document might consider it and
>> determine whether it merits including in an update." — from:
>> https://www.ietf.org/about/groups/iesg/statements/processing-errata-ietf-stream/ )
>> Can anyone not live with this? Please speak up by Jan 29th, otherwise I'll 
>> do what's above.
> 
> That seems fine with me. Maybe mention that "@$server" refers to an
> authoritative server, and not a recursive server, as well?

See section 8

> 
> Paul
> 
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: ma...@isc.org
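
As an added example (not part of this thread or of the document under discussion): a small Python check over dig output for the expectations quoted above, reading the header flags and the EDNS flags as separate fields, which is the distinction raised in the thread. The sample output, the name example.test and the function name check_dig are constructed for illustration.

```python
import re

# Constructed sample in dig's output format (placeholder names and RRSIG data,
# not captured from a real server).
SAMPLE = """\
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20613
;; flags: qr aa; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 1232
;; QUESTION SECTION:
;example.test.  IN SOA

;; ANSWER SECTION:
example.test. 300 IN SOA ns1.example.test. admin.example.test. 1 7200 900 1209600 300
example.test. 300 IN RRSIG SOA 13 2 300 20240201000000 20240101000000 12345 example.test. c2lnbmF0dXJl
"""

def check_dig(text):
    """Return the list of failed expectations; an empty list means all passed."""
    status = re.search(r"->>HEADER<<-.*status: (\w+)", text)
    # Header flags (";; flags: qr aa;") and EDNS flags ("; EDNS: ... flags: do;")
    # are separate fields and are parsed separately.
    hdr = re.search(r"^;; flags:([^;]*);", text, re.M)
    edns = re.search(r"^; EDNS: version: (\d+), flags:([^;]*);", text, re.M)
    answer = re.search(r"^;; ANSWER SECTION:\n((?:[^;\n].*\n?)*)", text, re.M)
    rows = [l.split() for l in answer.group(1).splitlines()] if answer else []
    rtypes = [r[3] for r in rows if len(r) > 3]
    hdr_flags = hdr.group(1).split() if hdr else []
    edns_flags = edns.group(2).split() if edns else []

    failed = []
    if not status or status.group(1) != "NOERROR":
        failed.append("status: NOERROR")
    if "SOA" not in rtypes:
        failed.append("SOA in answer section")
    if not edns:
        failed.append("OPT record present")
    elif edns.group(1) != "0":
        failed.append("EDNS version 0")
    if "aa" not in hdr_flags:
        failed.append("header flags contain aa")
    if "RRSIG" in rtypes and "do" not in edns_flags:
        failed.append("EDNS flags contain do when RRSIG present")
    return failed

if __name__ == "__main__":
    print(check_dig(SAMPLE) or "all expectations met")
```

A REFUSED or SERVFAIL reply, such as a recursive resolver may return to a +norec query, fails the status, SOA and aa checks together, which makes a wrongly chosen @$server easy to spot.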
