RFC Errata

Errata Search

Source of RFC  
Summary Table Full Records

RFC 8906, "A Common Operational Problem in DNS Servers: Failure to Communicate", September 2020

Source of RFC: dnsop (ops)

Errata ID: 7689
Status: Held for Document Update
Type: Technical
Publication Format(s) : TEXT, PDF, HTML

Reported By: Josh Soref
Date Reported: 2023-10-26
Held for Document Update by: Warren Kumari (Ops AD)
Date Held: 2024-01-29

Section 8.2.8 says:

expect: DO=1 to be present if an RRSIG is in the response

It should say:

expect: flag: do to be present if an RRSIG is in the response


The same section has `expect: flag: aa to be present`, and when running the suggested command, no `DO=1` is shown, which makes the advice unhelpful.

Sample command:
$ dig +nocookie +edns=0 +noad +norec +dnssec soa $zone @$server

; <<>> DiG 9.16.44-Debian <<>> +nocookie +edns +noad +norec +dnssec soa powerdns.com @2600:3c03::f03c:91ff:fe55:e54d
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 45268
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

; EDNS: version: 0, flags: do; udp: 1232
;powerdns.com. IN SOA

;; Query time: 0 msec
;; SERVER: 2600:3c03::f03c:91ff:fe55:e54d#53(2600:3c03::f03c:91ff:fe55:e54d)
;; WHEN: Thu Oct 26 22:26:44 UTC 2023
;; MSG SIZE rcvd: 41

[ WK: For more info, see thread: https://mailarchive.ietf.org/arch/msg/dnsop/gA71yLWLZ8-eylYgKjNy9emP9hU/

It was also suggested that reminding readers that "@$server" in this case refers to an
authoritative server, and not a recursive server - See Sec 8 ]

Report New Errata

Advanced Search