Date: Tue, 28 Dec 1999 20:37:38 -0500 (EST) From: Robert Watson <robert@cyrus.watson.org> To: Assar Westerlund <assar@sics.se> Cc: cvs-all@FreeBSD.org Subject: Re: cvs commit: src/lib/libc/net gethostbydns.c Message-ID: <Pine.BSF.3.96.991228203435.49094A-100000@fledge.watson.org> In-Reply-To: <5l66xiln4n.fsf@assaris.sics.se>
next in thread | previous in thread | raw e-mail | index | archive | help
On 28 Dec 1999, Assar Westerlund wrote: > Robert Watson <robert@cyrus.watson.org> writes: > > I went ahead and closed the PR, but have not yet MFC'd it. I plan to d= o > > so shortly. >=20 > Great. >=20 > > I noticed that your patch also ignores T_KEY, not just T_SIG -- have yo= u > > been getting warnings about T_KEY also? >=20 > No, I've only been getting warnings on T_SIG. But my reading of > section 3.5 in RFC2535 seems to say that KEY rr can also be included > in responses. I'm not quite if you can also get back NXT RR? I think > that will only happen when you query for an unexisting name. The DNSsec people around TIS that I asked seem to think that KEY records only come in the Additional Records section of the packet, so shouldn't (?) cause warnings, unlike the SIG records that come in the Answer section. I'll assume its ok, and see if any warnings happen :-). As you point out, NXT's only come in the event of a failed lookup,=A0and I haven't seen any warnings for that. On the other hand, NXT isn't implemented much/at all/correctly in existing name servers. There were some privacy concerns expressed about NXT walking, but I'm not sure that's really an issue.=20 Robert N M Watson=20 robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.991228203435.49094A-100000>