RFC Errata
Found 1 record.
Status: Reported (1)
RFC 9462, "Discovery of Designated Resolvers", November 2023
Source of RFC: add (int)
Errata ID: 8278
Status: Reported
Type: Technical
Publication Format(s) : TEXT, PDF, HTML
Reported By: Robert Edmonds
Date Reported: 2025-02-03
Section 6.4 says:
DNS resolvers that support DDR by responding to queries for _dns.resolver.arpa. MUST treat resolver.arpa as a locally served zone per [RFC6303]. In practice, this means that resolvers SHOULD respond to queries of any type other than SVCB for _dns.resolver.arpa. with NODATA and queries of any type for any domain name under resolver.arpa with NODATA.
It should say:
DNS resolvers that support DDR by responding to queries for _dns.resolver.arpa. MUST treat resolver.arpa as a locally served zone per [RFC6303]. In practice, this means that resolvers SHOULD respond to queries of any type other than SVCB for _dns.resolver.arpa. with NODATA and queries of any type for any domain name under resolver.arpa (other than _dns.resolver.arpa) with NXDOMAIN.
Notes:
Ordinary DNS zones generally return NXDOMAIN for names that have no data of any type and that are not empty non-terminals. The behavior described in 9462 where "resolvers SHOULD respond to [...] queries of any type for any domain name under resolver.arpa with NODATA" is a special kind of behavior that requires odd configuration to achieve (e.g. https://github.com/NLnetLabs/unbound/issues/1016#issuecomment-2630681753) or handled as a special case if implemented in code. I also noticed that at least one implementation ignores this SHOULD (e.g. "dig x.y.z.resolver.arpa @8.8.8.8" returns an NXDOMAIN response (not NODATA) while "dig -t SVCB _dns.resolver.arpa @8.8.8.8" returns a DDR response).
I do not see a rationale in the document for this special requirement. I searched the ADD mailing list and came up with the following references that touch on this issue but do not seem to specifically address why a NODATA response is needed for domain names below resolver.arpa (other than _dns.resolver.arpa):
https://mailarchive.ietf.org/arch/msg/add/wV4Q8xDLV_5ys6uHrjFD2jLSaVI/
https://mailarchive.ietf.org/arch/msg/add/b59f7wQI-3s2K-5o9MTAEFBIY7Q/
https://github.com/ietf-wg-add/draft-ietf-add-ddr/issues/58
https://github.com/ietf-wg-add/draft-ietf-add-ddr/pull/61
So I suspect this is a drafting error and something like the corrected text suggested in this erratum was meant instead.
There is a similar reference to NODATA rather than NXDOMAIN in Section 4 in the case where no Designated Resolver exists which also requires special configuration or implementation to achieve. I suspect that that text should say NXDOMAIN rather than NODATA.
Thanks!