Re: [dnsext] Lame Server responses

Edward Lewis <> Tue, 12 October 2010 12:54 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 2E7F93A6968; Tue, 12 Oct 2010 05:54:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -101.566
X-Spam-Status: No, score=-101.566 tagged_above=-999 required=5 tests=[AWL=1.033, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id iFBpu4Ml0GtC; Tue, 12 Oct 2010 05:54:35 -0700 (PDT)
Received: from ( [IPv6:2001:418:1::62]) by (Postfix) with ESMTP id 067CF3A694F; Tue, 12 Oct 2010 05:54:35 -0700 (PDT)
Received: from majordom by with local (Exim 4.72 (FreeBSD)) (envelope-from <>) id 1P5eJb-0003r6-8O for; Tue, 12 Oct 2010 12:50:47 +0000
Received: from ([]) by with esmtps (TLSv1:AES256-SHA:256) (Exim 4.72 (FreeBSD)) (envelope-from <>) id 1P5eJY-0003qF-Fb for; Tue, 12 Oct 2010 12:50:44 +0000
Received: from Work-Laptop-2.local ( []) by (8.14.4/8.14.4) with ESMTP id o9CCoVm4055279; Tue, 12 Oct 2010 08:50:33 -0400 (EDT) (envelope-from
Received: from [] by Work-Laptop-2.local (PGP Universal service); Tue, 12 Oct 2010 08:50:39 -0400
X-PGP-Universal: processed; by Work-Laptop-2.local on Tue, 12 Oct 2010 08:50:39 -0400
Mime-Version: 1.0
Message-Id: <a06240802c8da07a4f1cd@[]>
In-Reply-To: <>
References: <a06240801c8d8cde3e37e@[]> <15C444FDEB61471D8FFC167D9CF14435@local> <a06240804c8d91279f68d@[]> <>
Date: Tue, 12 Oct 2010 08:43:07 -0400
To: Tony Finch <>
From: Edward Lewis <>
Subject: Re: [dnsext] Lame Server responses
Cc: Edward Lewis <>, <>
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
X-Scanned-By: MIMEDefang 2.68 on
Precedence: bulk
List-ID: <>
List-Unsubscribe: To unsubscribe send a message to with
List-Unsubscribe: the word 'unsubscribe' in a single line as the message text body.
List-Archive: <>

At 11:30 +0100 10/12/10, Tony Finch wrote:

>BIND's behaviour makes a useful distinction between lame (REFUSED) and
>broken (SERVFAIL).

The problem (for both us and BIND, and everyone in general) there are at least:

"The answer failed DNSSEC"
"I couldn't follow a referral (all servers down)"
"I won't answer you (query, dynamic update, or zone management)"
"I am not properly informed" (lame)

These four cases (plus others probably) have to map into two response 
code values.  Distinctions really aren't going to be made.

Edward Lewis
NeuStar                    You can leave a voice message at +1-571-434-5468

Ever get the feeling that someday if you google for your own life story,
you'll find that someone has already written it and it's on sale at Amazon?