Re: TKEY compatibility problems

[Brian Wellington <Brian.Wellington@nominum.com>]

On Thu, 12 Jul 2001, D. J. Bernstein wrote:

> Brian Wellington writes:
> > I'm saying that your server will cache the
> > records, which could lead to strange results in the future.
>
> I don't know what you mean by ``strange.'' Is there a problem, or not?
> Will a TKEY-aware client have trouble if I forward it a copy of a TKEY
> record that someone else spontaneously sent me?

There would be a problem if a client was sanity checking the response of
an ANY query, and saw a TKEY record in the answer section.  Seeing a
meta-type where it's not expected is bad.

> If so, the TKEY extension is broken. You said that TKEY servers could
> spontaneously send TKEY records. Forwarding the records---treating them
> as zone data---is indisputably correct behavior for my cache. See RFC
> 1123 section 6.1.3.5. See also http://cr.yp.to/djbdns/newtypes.html.

A spontaneous TKEY will only be in the additional section, which means
that it shouldn't be treated as zone data.  If it was in the answer
section, I'd agree that it would be zone data, and that it is a broken
extension.

> If, on the other hand, there is no problem, then why did you claim that
> my AXFR client shouldn't forward the records?

Because they're not part of the zone, as indicated by the fact that
they're in the additional section.

Brian



to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.