ICANN ICANN Email List Archives

[techcheck-comments]


<<< Chronological Index >>>    <<< Thread Index >>>

Additional delegation checks

  • To: techcheck-comments@xxxxxxxxx
  • Subject: Additional delegation checks
  • From: Mark Andrews <Mark_Andrews@xxxxxxx>
  • Date: Sun, 20 Aug 2006 17:42:38 +1000

        TLD servers should be reachable via TCP as well as UDP.
        This is particularly important for non-delegation only TLD
        zones as they are much more likely to produce answers that
        exceed the 512 octets allowed for by plain DNS.

        TLD servers SHOULD be EDNS capable.  EDNS has been on the
        standards track for 7 years now.  Lack of EDNS support slows
        down the resolution process.  If the servers are not EDNS
        aware they MUST respond to repeated EDNS queries.  Servers
        should return FORMERR or NOTIMP.  A return of SERVFAIL is
        not cachable by the client population.

        There is at least one nameserver vendor that responds to the
        initial EDNS query then has a 60 second dead time where it
        wont respond to EDNS queries from the same address.

        TLD servers SHOULD be CD aware.  They MUST NOT fail to
        respond to queries with CD set.  If they are not DNSSEC
        aware they SHOULD clear CD and respond as if CD was not
        set.  If they respond to a error code to CD is should be
        FORMERR or NOTIMP as SERVFAIL is not a cachable.

        If a server is EDNS it should be able to generate responses
        that are greater than 512 octets.  It must also be capable of
        returning a fragmented UDP response.  This is actually testing
        the nameserver incombination with any firewall / loadbalancer
        sitting in front of the nameservers.  Most nameserver which
        are EDNS capable will generater the correct response.  The
        firewall / loadbalancer is not always capable of passing the
        response back to the client.   This may require a test zone
        on the TLD server with RRsets of sufficent size to get the
        desired responses.

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE:  +61 2 9871 4742                  INTERNET: Mark_Andrews@xxxxxxx


<<< Chronological Index >>>    <<< Thread Index >>>

Privacy Policy | Terms of Service | Cookies Policy