Additional delegation checks
- To: techcheck-comments@xxxxxxxxx
- Subject: Additional delegation checks
- From: Mark Andrews <Mark_Andrews@xxxxxxx>
- Date: Sun, 20 Aug 2006 17:42:38 +1000
TLD servers should be reachable via TCP as well as UDP.
This is particularly important for non-delegation-only TLD
zones, as they are much more likely to produce answers that
exceed the 512 octets allowed for by plain DNS.
TLD servers SHOULD be EDNS capable. EDNS has been on the
standards track for 7 years now. Lack of EDNS support slows
down the resolution process. If the servers are not EDNS
aware they MUST still respond to repeated EDNS queries. Such
servers should return FORMERR or NOTIMP. A return of SERVFAIL
is not cacheable by the client population.
There is at least one nameserver vendor that responds to the
initial EDNS query, then has a 60 second dead time during which it
won't respond to EDNS queries from the same address.
TLD servers SHOULD be CD aware. They MUST NOT fail to
respond to queries with CD set. If they are not DNSSEC
aware they SHOULD clear CD and respond as if CD was not
set. If they respond to CD with an error code it should be
FORMERR or NOTIMP, as SERVFAIL is not cacheable.
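The TCP, EDNS and CD checks described above, as an added example that is not part of the original mail: it builds the three query variants on the wire (plain, with an EDNS0 OPT record, with CD set), sends them over UDP or TCP, and grades the reply by the mail's rules (no answer or SERVFAIL is a failure, FORMERR/NOTIMP is acceptable and cacheable, CD may be cleared by a non-DNSSEC-aware server). The server address and zone name are placeholders.

```python
import socket, struct

RCODE = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}

def build_query(name, qtype=1, edns=False, cd=False, udp_size=4096, qid=0x1234):
    """Wire-format query for `name`: RD set, CD bit optional, EDNS0 OPT RR optional."""
    flags = 0x0100 | (0x0010 if cd else 0)               # RD bit, CD bit
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 1 if edns else 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.strip(".").split(".")) + b"\x00"
    msg = header + qname + struct.pack("!HH", qtype, 1)   # QCLASS IN
    if edns:  # OPT RR: root owner, TYPE 41, CLASS = advertised UDP size, TTL 0, RDLEN 0
        msg += b"\x00" + struct.pack("!HHIH", 41, udp_size, 0, 0)
    return msg

def classify(resp, sent_cd=False):
    """Grade one raw response against the rules in the mail above."""
    if resp is None:
        return "FAIL: no response (server MUST answer EDNS/CD queries)"
    flags = struct.unpack("!H", resp[2:4])[0]
    rcode = flags & 0x000F
    if rcode == 2:
        return "FAIL: SERVFAIL is not cacheable by resolvers"
    if rcode in (1, 4):
        return "OK: %s, cacheable (server not EDNS/DNSSEC aware)" % RCODE[rcode]
    if flags & 0x0200:
        return "WARN: TC set, answer needs TCP (or a larger EDNS buffer)"
    if sent_cd and not flags & 0x0010:
        return "OK: NOERROR, CD cleared (not DNSSEC aware, allowed)"
    return "OK: " + RCODE.get(rcode, "rcode %d" % rcode)

def exchange(server, msg, tcp=False, timeout=3.0):
    """Send one query over UDP or TCP; return the raw reply, or None on timeout/error."""
    try:
        if tcp:
            with socket.create_connection((server, 53), timeout) as s:
                s.sendall(struct.pack("!H", len(msg)) + msg)      # two-octet length prefix
                n = struct.unpack("!H", s.recv(2))[0]
                return s.recv(n)
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(msg, (server, 53))
            return s.recv(65535)
    except OSError:
        return None
if __name__ == "__main__":
    server, zone = "192.0.2.1", "example."  # placeholders: substitute a real TLD server/zone
    print("TCP :", classify(exchange(server, build_query(zone), tcp=True)))
    for _ in (1, 2):  # repeated EDNS queries, to catch the 60 second dead-time behaviour
        print("EDNS:", classify(exchange(server, build_query(zone, edns=True))))
    print("CD  :", classify(exchange(server, build_query(zone, cd=True)), sent_cd=True))
```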
If a server is EDNS capable it should be able to generate responses
that are greater than 512 octets. It must also be capable of
returning a fragmented UDP response. This is actually testing
the nameserver in combination with any firewall / load balancer
sitting in front of the nameservers. Most nameservers which
are EDNS capable will generate the correct response. The
firewall / load balancer is not always capable of passing the
response back to the client. This may require a test zone
on the TLD server with RRsets of sufficient size to get the
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@xxxxxxx