On 13 Jun, 2016, at 19:39, Anand Buddhdev <anandb(a)ripe.net> wrote:
On 13/06/16 19:09, Roger Murray wrote:
Hi Roger,
I am seeing a response from a knot name server that I am working on
that has me a little confused. When I do zone transfer requests from
clients that aren’t allowed to do a zone transfer I expect to receive
rcode 5 REFUSED, but I am receiving rcode 9 NOTAUTH.
The REFUSED rcode is generally used to indicate that a server isn't
carrying the zone you queried for.
However, when a server does have a zone loaded, and can answer queries
for it, but just won't allow zone transfers, then NOTAUTH is the right
response, meaning "I have the zone, but I won't XFR it to you".
I am digging through the RFCs and I interpret them as saying the exact opposite. As
far as I can tell the REFUSED rcode is a refusal based on policy (RFC1035) and the
NOTAUTH rcode is that the nameserver isn’t authoritative for the queried zone (RFC2136). I
am finding mixed implementation in the wild and was wondering what the knot developers
based the implementation decision on.
Is this the expected behaviour? Is this configurable?
Yes, it is expected behaviour, and as far as I know, it's not configurable.
Regards,
Anand
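
Added example, not part of the thread and not code from Knot: since implementations in the wild differ on which rcode they send, a transfer-policy check can decode the 4-bit RCODE from the reply header and treat both 5 (REFUSED) and 9 (NOTAUTH) as a denied AXFR. The function names and the sample replies are constructed for illustration; no network access is used.

```python
import struct

# RCODE names: 0-5 from RFC 1035, 9 from RFC 2136 (the two RFCs cited in the thread).
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED", 9: "NOTAUTH"}
QTYPE_AXFR, CLASS_IN = 252, 1

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_axfr_query(zone, qid):
    """Wire-format AXFR question (on TCP it is preceded by a 2-byte length)."""
    header = struct.pack("!HHHHHH", qid, 0x0000, 1, 0, 0, 0)
    return header + encode_name(zone) + struct.pack("!HH", QTYPE_AXFR, CLASS_IN)

def parse_header(msg):
    """Return (id, is_response, rcode, ancount) from a DNS message header."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return qid, bool(flags & 0x8000), flags & 0x000F, an

def transfer_outcome(query, response):
    """Classify a reply to an AXFR query; REFUSED and NOTAUTH both count as denial."""
    qid = parse_header(query)[0]
    rid, is_resp, rcode, ancount = parse_header(response)
    if not is_resp or rid != qid:
        return "mismatch", None
    name = RCODES.get(rcode, "RCODE%d" % rcode)
    if rcode in (5, 9):
        return "denied", name
    if rcode == 0 and ancount > 0:
        return "transferred", name
    return "other", name

def constructed_reply(query, rcode):
    """Constructed sample reply: the query echoed with QR set and the given rcode."""
    qid = parse_header(query)[0]
    return struct.pack("!HHHHHH", qid, 0x8000 | rcode, 1, 0, 0, 0) + query[12:]
```
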