).
So NOTAUTH is used here for "Not Authorized" (RFC3845).
Regards,
Daniel
On 06/14/2016 02:21 PM, Roger Murray wrote:
  Hey Anand,
 Thanks for the quick response.
  On 13 Jun, 2016, at 19:39, Anand Buddhdev <anandb(a)ripe.net> wrote:
 On 13/06/16 19:09, Roger Murray wrote:
 Hi Roger,
  I am seeing a response from a knot name server that I am working on that has me a little confused. When I do zone transfer requests from clients that aren’t allowed to do a zone transfer I expect to receive rcode 5 REFUSED, but I am receiving rcode 9 NOTAUTH.
 The REFUSED rcode is generally used to indicate that a server isn't carrying the zone you queried for.
 However, when a server does have a zone loaded, and can answer queries for it, but just won't allow zone transfers, then NOTAUTH is the right response, meaning "I have the zone, but I won't XFR it to you".
 I am digging through the RFCs and I interpret them as saying the exact opposite. As far as I can tell the REFUSED rcode is a refusal based on policy (RFC1035) and the NOTAUTH rcode is that the nameserver isn’t authoritative for the queried zone (RFC2136). I am finding mixed implementation in the wild and was wondering what the knot developers based the implementation decision on.
   Is this the expected behaviour? Is this configurable?
 Yes it is expected behaviour, and as far as I know, it's not configurable.
 Regards,
 Anand 
  Best regards,
 /rog
 _______________________________________________
 knot-dns-users mailing list
 knot-dns-users(a)lists.nic.cz
 
https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users
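
An added example, not part of the thread and not Knot DNS code: a check an operator could use when auditing transfer ACLs. It classifies the first reply to an AXFR request and, because the thread reports mixed implementations, counts both rcode 5 and rcode 9 as a denial. The zone name, message id and response bytes are constructed for illustration.

```python
import struct

# RCODE names from the RFCs cited in the thread (RFC 1035, RFC 2136).
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED", 9: "NOTAUTH"}
QTYPE_AXFR, QCLASS_IN = 252, 1

def encode_name(name):
    """Encode a domain name as length-prefixed labels (RFC 1035, 4.1.2)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_axfr_query(zone, msg_id):
    """Wire-format AXFR question, without the 2-byte TCP length prefix."""
    header = struct.pack("!HHHHHH", msg_id, 0, 1, 0, 0, 0)
    return header + encode_name(zone) + struct.pack("!HH", QTYPE_AXFR, QCLASS_IN)

def transfer_verdict(response, msg_id):
    """Classify the first response message to an AXFR request."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if rid != msg_id or not flags & 0x8000:  # id must match and QR must be set
        raise ValueError("not a response to this query")
    rcode = flags & 0x000F
    name = RCODES.get(rcode, "RCODE%d" % rcode)
    if rcode == 0 and ancount > 0:
        return name, "transfer allowed"
    if rcode in (5, 9):  # servers differ on which one signals a denied XFR
        return name, "transfer denied"
    return name, "inconclusive"

def sample_response(msg_id, rcode, ancount=0):
    """Constructed reply (header plus echoed question), not captured traffic."""
    question = build_axfr_query("example.com", msg_id)[12:]
    flags = 0x8000 | 0x0400 | rcode  # QR=1, AA=1
    return struct.pack("!HHHHHH", msg_id, flags, 1, ancount, 0, 0) + question
```
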