RFC Errata


RFC 4956, "DNS Security (DNSSEC) Opt-In", July 2007

Source of RFC: dnsext (int)
See Also: RFC 4956 w/ inline errata

Errata ID: 1018
Status: Verified
Type: Technical
Publication Format(s) : TEXT

Reported By: Alfred Hoenes
Date Reported: 2007-08-16
Verifier Name: Brian Haberman
Date Verified: 2012-05-01

 

(1)  typo (technical error)

Within Section 4.2.2.2. of RFC 4956, the last sentence of the
paragraph on top of page 8 contains a wrong RCODE value.
The RFC says:

                v
                                 [...].  In particular, a NOERROR/NODATA
|  (i.e., RCODE=3, but the answer section is empty) response to a DS
   query may be proven by an Opt-In flagged covering NSEC record, rather
   than an NSEC record matching the query name.

It should say:
                v
                                 [...].  In particular, a NOERROR/NODATA
|  (i.e., RCODE=0, but the answer section is empty) response to a DS
   query may be proven by an Opt-In flagged covering NSEC record, rather
   than an NSEC record matching the query name.

Rationale: See RCODE list in RFC 1035 [1], page 27, and RFC 2181 [8].


(2)  missing article

Still on page 8, an article is missing in the third bullet
in Section 4.2.4.
The RFC says:

   o  sending a NOERROR/NODATA response when query type is DS and the
|     covering NSEC is tagged as Opt-In, unless NSEC record's owner name
      matches the query name.
                                               ^
It should say:

   o  sending a NOERROR/NODATA response when query type is DS and the
|     covering NSEC is tagged as Opt-In, unless the NSEC record's owner
      name matches the query name.
                                               ^^^^^

(3)  inconsistency

There's a small inconsistency in the presentation of DNS queries
(and responses) in Section 6.
In almost all instances, in that context the text gives domain
names with the DNS 'root label', the trailing dot.
Yet, in the second line of the first paragraph on page 10,
this dot is missing twice.

The RFC says:

   In this example, a query for a signed RRset (e.g., "FIRST-
|  SECURE.EXAMPLE A") or a secure delegation ("WWW.SECOND-SECURE.EXAMPLE
   A") will result in a standard DNSSEC response.

It should say:

   In this example, a query for a signed RRset (e.g., "FIRST-
|  SECURE.EXAMPLE. A") or a secure delegation ("WWW.SECOND-
|  SECURE.EXAMPLE. A") will result in a standard DNSSEC response.
                 ^

(4)  text truncation

In Section 9, on top of page 13, the list of acknowledged people
apparently has been truncated.

The RFC says:
          v
|     Mats Kolkman, Edward Lewis, Ted Lindgreen, Rip Loomis, Bill
      Manning, Dan Massey, Scott Rose, Mike Schiraldi, Jakob Schlyter,
      Brian Wellington.

The -09 draft had the following list:

|     Mats Dufberg, Miek Gieben, Olafur Gudmudsson, Bob Halley, Olaf
      Kolkman, Edward Lewis, Ted Lindgreen, Rip Loomis, Bill Manning,
      Dan Massey, Scott Rose, Mike Schiraldi, Jakob Schlyter, Brian
      Wellington.

AFAICS, most probably the draft was o.k. and the bulk of the first
line of that list has been lost in the publication process.


(5)  references

RFC 3655 [3] and RFC 3090 [10] have been incorporated into, and
formally been obsoleted by RFC 4033..35 [4][5][6].

IMHO, it is therefore inappropriate to list [3] as a Normative
Reference in Section 10.1, and it is of questionable benefit
to list both [3] and [10] at all in Section 10.


I apologize for not having caught and reported items (1)..(3) and
(5) when I once studied the -09 draft version of the document;
item (4) is new.

I strongly recommend posting an RFC Errata Note covering at least
items (1) and (4).
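
The RCODE distinction in item (1), as an added example that is not part of the erratum report or of RFC 4956: a header-level classifier that separates NOERROR/NODATA (RCODE=0, empty answer section) from NXDOMAIN (RCODE=3). The function names and the sample headers are constructed for illustration.

```python
import struct

# RCODE values from RFC 1035, section 4.1.1 (the list the erratum cites).
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL",
          3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}
QR, AA, TC = 0x8000, 0x0400, 0x0200  # header flag bits


def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte DNS header."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {"id": ident, "qr": bool(flags & QR), "aa": bool(flags & AA),
            "tc": bool(flags & TC), "rcode": flags & 0x000F,
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}


def classify(msg: bytes) -> str:
    """Name the response kind using the header-level wording of item (1)."""
    h = parse_header(msg)
    if not h["qr"]:
        raise ValueError("QR bit clear: a query, not a response")
    if h["tc"]:
        return "TRUNCATED"  # sections may be incomplete; retry over TCP first
    if h["rcode"] == 0:
        # Empty answer section with RCODE=0 is NOERROR/NODATA. A referral has
        # the same header shape and is told apart by its authority section
        # (RFC 2308), which this example does not parse.
        return "NOERROR/NODATA" if h["ancount"] == 0 else "NOERROR"
    return RCODES.get(h["rcode"], "RCODE=%d" % h["rcode"])


def sample_header(rcode: int, ancount: int, nscount: int = 1) -> bytes:
    """Constructed sample: authoritative response header, ID 0x1234."""
    return struct.pack("!6H", 0x1234, QR | AA | rcode, 1, ancount, nscount, 0)


if __name__ == "__main__":
    for rc, an in [(0, 0), (3, 0), (0, 1)]:
        print(rc, an, "->", classify(sample_header(rc, an)))
```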
