Re: [DNSOP] Clarifying referrals (#35)

[Andrew Sullivan <ajs@anvilwalrusden.com>]

Hi all,

Some of you will perhaps recall that previous efforts at text on
referrals were unsuccessful.  I've had another go.  I _think_ it
addresses all the comments so far, without actually causing the
terminology draft to drift into prescribing protocol.  It is
unfortunately quite a bit longer, but that seems to be the cost of
making all the points from the discussion.  Thoughts are solicited:

   Referral:  A type of response in which a server, signalling that it
      is not (completely) authoritative for an answer, provides the
      querying resolver with an alternative place to send its query.
      Referrals can be combined with partial answers.

      A referral arises when a server is not performing recursive
      service while answering a query.  It appears in step 3(b) of the
      algorithm in [RFC1034], Section 4.3.2.

      There are two types of referral response.  The first is a downward
      referral (sometimes described as "delegation response"), where the
      server is authoritative for some portion of the QNAME.  The
      authority section RRset's RDATA contains the name servers
      specified at the referred-to zone cut.  In normal DNS operation,
      this kind of response is required in order to find names beneath a
      delegation.  The bare use of "referral" means this kind of
      referral, and many people believe that this is the only legitimate
      kind of referral in the DNS.

      The second is an upward referral (sometimes described as "root
      referral"), where the server is not authoritative for any portion
      of the QNAME.  When this happens, the referred-to zone in the
      authority section is usually the root zone (.).  In normal DNS
      operation, this kind of response is not required for resolution or
      for correctly answering any query.  There is no requirement that
      servers send them.  Some people regard upward referrals as a sign
      of a misconfiguration or error.

      A response that has only a referral contains an empty answer
      section.  It contains the NS RRset for the referred-to zone in the
      authority section.  It may contain RRs that provide addresses in
      the additional section.  The AA bit is clear.

      In the case where the query matches an alias, and the server is
      not authoritative for the target of the alias but it is
      authoritative for some name above the target of the alias, the
      resolution algorithm will produce a response that contains both
      the authoritative answer for the alias, and also a referral.  Such
      a partial answer and referral response has data in the answer
      section.  It has the NS RRset for the referred-to zone in the
      authority section.  It may contain RRs that provide addresses in
      the additional section.  The AA bit is set, because the first name
      in the answer section matches the QNAME and the server is
      authoritative for that answer (see [RFC1035], section 4.1.1).

-- 
Andrew Sullivan
ajs@anvilwalrusden.com