Re: [DNSOP] Clarifying referrals (#35)

Paul Vixie <> Tue, 28 November 2017 23:19 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 1FA65128B44 for <>; Tue, 28 Nov 2017 15:19:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id nSq-kqIJG9bD for <>; Tue, 28 Nov 2017 15:19:01 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id A202B126C26 for <>; Tue, 28 Nov 2017 15:19:01 -0800 (PST)
Received: from [] (unknown []) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) by (Postfix) with ESMTPSA id 7FAC961FA2; Tue, 28 Nov 2017 23:19:00 +0000 (UTC)
Message-ID: <>
Date: Tue, 28 Nov 2017 15:18:57 -0800
From: Paul Vixie <>
User-Agent: Postbox 5.0.20 (Windows/20171012)
MIME-Version: 1.0
To: Andrew Sullivan <>
References: <> <>
In-Reply-To: <>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <>
Subject: Re: [DNSOP] Clarifying referrals (#35)
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 28 Nov 2017 23:19:03 -0000

Andrew Sullivan wrote:
> Dear colleagues,
> Joe Abley and I have just submitted a draft
> (
> that is intended to capture the discussion here about referrals and
> how to describe them.  It is intended for BCP, and it discourages
> upward referrals by authoritative servers.
> That leaves the task of the referrals definition.  I have some new
> text below:
> ---%<---cut here---
> ...
> The second is an upward referral (sometimes described as "root
> referral" or just "referral response", as distinct from the delegation
> response above), where the server is not authoritative for any portion
> of the QNAME.  When this happens, the referred-to zone in the
> Authority section is usually the root zone (.).  In normal DNS
> operation, this kind of response is not strictly speaking required to
> work, and in practice some authoritative server operators will not
> return referral responses beyond those required for delegation.
> ...
> ---cut here--->%---
> Comments, please.  Also, Joe and I solicit comments on the referrals
> draft proper, but it would be nice to put that in a different thread.

what would "to work" mean in the above text? if you ask some authority 
server a question, it is either authoritative for some part of it in 
which case you'll get NOERROR and either an answer or a referral, or it 
is not authoritative and nothing it can tell you will help in any way 
other than some kind of "i am not authoritative for any part of the 
question you have asked me".

that an upward referral could "work" in the above-reference sense seems 
to imply that the authority server you've queried, knows more about 
where the zone really is, than you could learn by walking down from the 
root. that's a walking talking nonsequitur. could you tell me what you 
really mean by "to work" since it can't possibly be that?

P Vixie