Re: [dnsext] duplicate RRs and resulting RRSIG

bert hubert <bert.hubert@netherlabs.nl> Wed, 04 January 2012 20:55 UTC


On Wed, Jan 04, 2012 at 12:39:04PM -0800, Mohan Parthasarathy wrote:
> Section 6.3 of RFC 4034 states:

Hi Mohan,

Thank you very much - and apologies for not searching through the relevant
RFCs!

Some notes:

> 6.3.  Canonical RR Ordering within an RRset
>    [RFC2181] specifies that an RRset is not allowed to contain duplicate
>    records (multiple RRs with the same owner name, class, type, and
>    RDATA).  Therefore, if an implementation detects duplicate RRs when

Well, it sorta says that. 

>    putting the RRset in canonical form, it MUST treat this as a protocol
>    error.  If the implementation chooses to handle this protocol error
>    in the spirit of the robustness principle (being liberal in what it
>    accepts), it MUST remove all but one of the duplicate RR(s) for the
>    purposes of calculating the canonical form of the RRset.

This is exciting language - you MUST do A, but if you don't THEN you MUST do
B ;-) We'll go for B.

> Going by this,  PowerDNS should have removed the duplicate RRs before signing.

Very clear & will do!

	Bert
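
The duplicate-removal step from RFC 4034 section 6.3 quoted above, as an added example (not part of the original message and not PowerDNS code). It assumes A records only, uses a SHA-256 digest as a stand-in for the data handed to the signing algorithm, and all function names and zone data are constructed for illustration.

```python
import hashlib
import ipaddress
import struct

TYPE_A, CLASS_IN = 1, 1  # this sketch handles A records only (assumption)

def name_to_wire(name):
    """Canonical owner name: lowercase, uncompressed wire-format labels."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def canonical_rrset(owner, ttl, addresses, dedupe=True):
    """RR(1)..RR(n) portion of the RRSIG signing input for an A RRset."""
    rdatas = [ipaddress.IPv4Address(a).packed for a in addresses]
    if dedupe:
        rdatas = set(rdatas)  # RFC 4034 6.3: keep one copy of each duplicate
    header = name_to_wire(owner)
    out = b""
    # bytes sort as left-justified unsigned octet strings, as 6.3 requires
    for rdata in sorted(rdatas):
        out += header + struct.pack("!HHIH", TYPE_A, CLASS_IN, ttl, len(rdata)) + rdata
    return out

def signing_digest(owner, ttl, addresses, dedupe=True):
    """SHA-256 over the canonical RRset, standing in for the signature input."""
    return hashlib.sha256(canonical_rrset(owner, ttl, addresses, dedupe)).hexdigest()

# Constructed zone data: the same A record was entered twice.
ZONE_RRS = ["192.0.2.10", "192.0.2.1", "192.0.2.10"]

if __name__ == "__main__":
    signer_buggy = signing_digest("www.example.com.", 3600, ZONE_RRS, dedupe=False)
    signer_fixed = signing_digest("www.example.com.", 3600, ZONE_RRS)
    # A validator that applies 6.3 hashes the de-duplicated, sorted RRset.
    validator = signing_digest("WWW.Example.COM.", 3600, ["192.0.2.1", "192.0.2.10"])
    print("signer keeps duplicates, digests match:", signer_buggy == validator)
    print("signer drops duplicates, digests match:", signer_fixed == validator)
```

A signer that hashes the duplicate along with the rest produces a signature over different bytes than a validator that de-duplicates first, so the RRSIG fails to verify even though the zone data is otherwise intact.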