Differences between revisions 2 and 3
Revision 2 as of 2020-08-17 23:35:35
Size: 1192
Comment:
Revision 3 as of 2020-08-17 23:36:55
Size: 1208
Comment:
Deletions are marked like this. Additions are marked like this.
Line 7: Line 7:
== RCODO REFUSED == == RCODE REFUSED ==
Line 15: Line 15:
Ralph Dolmans: Unboud qname minimisation == Unbound ==
Ralph Dolmans: Unbound qname minimisation

1. DNS/qname-minimisation/refused返答

1.1. RCODE REFUSED

qname minimisation の観点からは、REFUSEDはNXDOMAINではないようだ。

  • 次(前)のラベルを試すらしい。 これなら、検索不能にはならない。(でも、それでいいのか)

awsdnsで親ゾーンはないが、www付きのゾーンがあるものを見かけた。(さくらにもあった。)

  • unboundでは特に問題なく引けている。

-- ToshinoriMaeno 2019-09-18 02:10:26

1.2. Unbound

Ralph Dolmans: Unbound qname minimisation https://nlnetlabs.nl/downloads/presentations/unbound_qnamemin_oarc24.pdf

page 14

Other wrong RCODEs
$ dig ns www.limburg.nl | grep status;; 
->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 14956

-Also: REFUSED on QTYPE=NS

OARC 24 (Buenos Aires) - March 2016 https://www.nlnetlabs.nl/ page 15

When to stop resolving?

  • We can't ignore the RCODE and continue resolving
  • We can't trust the RCODE and stop resolving
  • Stop minimisation when RCODE is not NOERROR
    • –DONOT_MINIMISE_STATE: send full QNAME and original QTYPE
  • Not conform RFC

MoinQ: DNS/qname-minimisation/refused返答 (last edited 2020-08-17 23:36:55 by ToshinoriMaeno)