RFC Errata
RFC 8906, "A Common Operational Problem in DNS Servers: Failure to Communicate", September 2020
Source of RFC: dnsop (ops)
Errata ID: 7689
Status: Held for Document Update
Type: Technical
Publication Format(s) : TEXT, PDF, HTML
Reported By: Josh Soref
Date Reported: 2023-10-26
Held for Document Update by: Warren Kumari (Ops AD)
Date Held: 2024-01-29
Section 8.2.8 says:
expect: DO=1 to be present if an RRSIG is in the response
It should say:
expect: flag: do to be present if an RRSIG is in the response
Notes:
The same section has `expect: flag: aa to be present`, and when running the suggested command, no `DO=1` is shown, which makes the advice unhelpful.
Sample command:
```
$ dig +nocookie +edns=0 +noad +norec +dnssec soa $zone @$server
; <<>> DiG 9.16.44-Debian <<>> +nocookie +edns +noad +norec +dnssec soa powerdns.com @2600:3c03::f03c:91ff:fe55:e54d
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 45268
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 1232
;; QUESTION SECTION:
;powerdns.com. IN SOA
;; Query time: 0 msec
;; SERVER: 2600:3c03::f03c:91ff:fe55:e54d#53(2600:3c03::f03c:91ff:fe55:e54d)
;; WHEN: Thu Oct 26 22:26:44 UTC 2023
;; MSG SIZE rcvd: 41
```
[ WK: For more info, see thread: https://mailarchive.ietf.org/arch/msg/dnsop/gA71yLWLZ8-eylYgKjNy9emP9hU/
It was also suggested that reminding readers that "@$server" in this case refers to an
authoritative server, and not a recursive server - See Sec 8 ]