RFC Errata


RFC 9462, "Discovery of Designated Resolvers", November 2023

Source of RFC: add (int)

Errata ID: 8278
Status: Reported
Type: Technical
Publication Format(s): TEXT, PDF, HTML

Reported By: Robert Edmonds
Date Reported: 2025-02-03

Section 6.4 says:

   DNS resolvers that support DDR by responding to queries for
   _dns.resolver.arpa. MUST treat resolver.arpa as a locally served zone
   per [RFC6303].  In practice, this means that resolvers SHOULD respond
   to queries of any type other than SVCB for _dns.resolver.arpa. with
   NODATA and queries of any type for any domain name under
   resolver.arpa with NODATA.

It should say:

   DNS resolvers that support DDR by responding to queries for
   _dns.resolver.arpa. MUST treat resolver.arpa as a locally served zone
   per [RFC6303].  In practice, this means that resolvers SHOULD respond
   to queries of any type other than SVCB for _dns.resolver.arpa. with
   NODATA and queries of any type for any domain name under
   resolver.arpa (other than _dns.resolver.arpa) with NXDOMAIN.

Notes:

Ordinary DNS zones generally return NXDOMAIN for names that have no data of any type and that are not empty non-terminals. The behavior described in 9462 where "resolvers SHOULD respond to [...] queries of any type for any domain name under resolver.arpa with NODATA" is a special kind of behavior that requires odd configuration to achieve (e.g. https://github.com/NLnetLabs/unbound/issues/1016#issuecomment-2630681753) or to be handled as a special case if implemented in code. I also noticed that at least one implementation ignores this SHOULD (e.g. "dig x.y.z.resolver.arpa @8.8.8.8" returns an NXDOMAIN response (not NODATA) while "dig -t SVCB _dns.resolver.arpa @8.8.8.8" returns a DDR response).

I do not see a rationale in the document for this special requirement. I searched the ADD mailing list and came up with the following references that touch on this issue but do not seem to specifically address why a NODATA response is needed for domain names below resolver.arpa (other than _dns.resolver.arpa):

https://mailarchive.ietf.org/arch/msg/add/wV4Q8xDLV_5ys6uHrjFD2jLSaVI/
https://mailarchive.ietf.org/arch/msg/add/b59f7wQI-3s2K-5o9MTAEFBIY7Q/
https://github.com/ietf-wg-add/draft-ietf-add-ddr/issues/58
https://github.com/ietf-wg-add/draft-ietf-add-ddr/pull/61

So I suspect this is a drafting error and something like the corrected text suggested in this erratum was meant instead.

There is a similar reference to NODATA rather than NXDOMAIN in Section 4, in the case where no Designated Resolver exists, which also requires special configuration or implementation to achieve. I suspect that that text should say NXDOMAIN rather than NODATA.

Thanks!
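
Added example, not part of the erratum report or of RFC 9462: a small conformance check that classifies a DNS response as NXDOMAIN, NODATA or an answer from its header, and compares it with what the quoted Section 6.4 paragraph asks for under either the published wording or the proposed correction. The function names, the header-only classification and the sample headers are assumptions made for this illustration.

```python
import struct

ZONE = ("resolver", "arpa")
DDR_NAME = ("_dns",) + ZONE

def labels(name):
    """Lowercased labels of a domain name, trailing dot ignored."""
    return tuple(l for l in name.lower().split(".") if l)

def expected(name, qtype, erratum=False):
    """Response kind the quoted Section 6.4 paragraph asks for.

    erratum=True applies the corrected text proposed in this report.
    Returns None for names the paragraph does not cover (the zone apex
    and anything outside resolver.arpa).
    """
    n = labels(name)
    if len(n) <= len(ZONE) or n[-2:] != ZONE:
        return None
    if n == DDR_NAME:
        # Assumption: the resolver has a Designated Resolver to advertise.
        return "ANSWER" if qtype.upper() == "SVCB" else "NODATA"
    return "NXDOMAIN" if erratum else "NODATA"

def classify(msg):
    """Classify a raw DNS response from its 12-byte header only."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", msg[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    rcode = flags & 0x000F
    if rcode == 3:
        return "NXDOMAIN"
    if rcode == 0:
        # Simplification: NOERROR with an empty answer section is NODATA.
        return "ANSWER" if ancount else "NODATA"
    return "RCODE_%d" % rcode

def conforms(name, qtype, msg, erratum=False):
    """True if the response kind matches the selected wording."""
    return classify(msg) == expected(name, qtype, erratum)

def header(rcode, ancount):
    """Constructed response header (QR, RD, RA set), not captured traffic."""
    return struct.pack("!6H", 0x1234, 0x8180 | rcode, 1, ancount, 0, 0)

if __name__ == "__main__":
    nx = header(3, 0)  # NXDOMAIN, the kind of response the notes report
    for erratum in (False, True):
        print(erratum, conforms("x.y.z.resolver.arpa", "A", nx, erratum))
```

With the published wording, an NXDOMAIN response for x.y.z.resolver.arpa does not match the SHOULD; with the proposed wording it does.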
