RFC Errata
RFC 1035, "Domain names - implementation and specification", November 1987
Note: This RFC has been updated by RFC 1101, RFC 1183, RFC 1348, RFC 1876, RFC 1982, RFC 1995, RFC 1996, RFC 2065, RFC 2136, RFC 2181, RFC 2137, RFC 2308, RFC 2535, RFC 2673, RFC 2845, RFC 3425, RFC 3658, RFC 4033, RFC 4034, RFC 4035, RFC 4343, RFC 5936, RFC 5966, RFC 6604, RFC 7766, RFC 8482, RFC 8490, RFC 8767
Source of RFC: LegacyArea Assignment: int
Errata ID: 5626
Status: Held for Document Update
Type: Technical
Publication Format(s) : TEXT
Reported By: Petr Špaček
Date Reported: 2019-02-07
Held for Document Update by: Warren Kumari (Ops AD)
Date Held: 2019-02-08
Section 5.2. says:
Several other validity checks that should be performed in addition to
insuring that the file is syntactically correct:
1. All RRs in the file should have the same class.
2. Exactly one SOA RR should be present at the top of the zone.
3. If delegations are present and glue information is required,
it should be present.
4. Information present outside of the authoritative nodes in the
zone should be glue information, rather than the result of an
origin or similar error.
It should say:
Several other validity checks that should be performed in addition to
insuring that the file is syntactically correct:
1. All RRs in the file should have the same class.
2. Exactly one SOA RR should be present at the top of the zone.
3. If delegations are present and glue information is required,
it should be present.
4. Information present outside of the authoritative nodes in the
zone should be glue information, rather than the result of an
origin or similar error.
5. At least one NS RR must be present at the top of the zone.
Notes:
[ WK (OpsAD): This is correct, and should be considered / included if this RFC is updated. ]
RFC 1034 Section 4.2.1 vaguely specifies that NS RRs are expected to be found at zone apex but it is missing in the original algorithm above. This erratum adds explicit requirement for NS RR at zone apex.
Even more importantly this expectation was built into subsequent RFCs, e.g. RFC 2181 which would break if NS was present only in the parent zone but not in the child zone.
References to dnsop mailing list:
- https://mailarchive.ietf.org/arch/msg/dnsop/ipwko314FenUxrdzMl5vcick9wQ
- https://mailarchive.ietf.org/arch/msg/dnsop/JAS6TREsOh-b2J4rEAND6cds0Og