RFC Errata
RFC 1035, "Domain names - implementation and specification", November 1987
Source of RFC: LegacyArea Assignment: int
Errata ID: 5626
Status: Held for Document Update
Type: Technical
Publication Format(s) : TEXT
Reported By: Petr Špaček
Date Reported: 2019-02-07
Held for Document Update by: Warren Kumari (Ops AD)
Date Held: 2019-02-08
Section 5.2. says:
Several other validity checks that should be performed in addition to insuring that the file is syntactically correct: 1. All RRs in the file should have the same class. 2. Exactly one SOA RR should be present at the top of the zone. 3. If delegations are present and glue information is required, it should be present. 4. Information present outside of the authoritative nodes in the zone should be glue information, rather than the result of an origin or similar error.
It should say:
Several other validity checks that should be performed in addition to insuring that the file is syntactically correct: 1. All RRs in the file should have the same class. 2. Exactly one SOA RR should be present at the top of the zone. 3. If delegations are present and glue information is required, it should be present. 4. Information present outside of the authoritative nodes in the zone should be glue information, rather than the result of an origin or similar error. 5. At least one NS RR must be present at the top of the zone.
Notes:
[ WK (OpsAD): This is correct, and should be considered / included if this RFC is updated. ]
RFC 1034 Section 4.2.1 vaguely specifies that NS RRs are expected to be found at zone apex but it is missing in the original algorithm above. This erratum adds explicit requirement for NS RR at zone apex.
Even more importantly this expectation was built into subsequent RFCs, e.g. RFC 2181 which would break if NS was present only in the parent zone but not in the child zone.
References to dnsop mailing list:
- https://mailarchive.ietf.org/arch/msg/dnsop/ipwko314FenUxrdzMl5vcick9wQ
- https://mailarchive.ietf.org/arch/msg/dnsop/JAS6TREsOh-b2J4rEAND6cds0Og