From owner-cvs-all  Tue Dec 28 17:37:42 1999
Delivered-To: cvs-all@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by hub.freebsd.org (Postfix) with ESMTP id 7C94615527
	for <cvs-all@FreeBSD.org>; Tue, 28 Dec 1999 17:37:40 -0800 (PST)
	(envelope-from robert@cyrus.watson.org)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3])
	by fledge.watson.org (8.9.3/8.9.3) with SMTP id UAA49103;
	Tue, 28 Dec 1999 20:37:38 -0500 (EST)
	(envelope-from robert@cyrus.watson.org)
Date: Tue, 28 Dec 1999 20:37:38 -0500 (EST)
From: Robert Watson <robert@cyrus.watson.org>
X-Sender: robert@fledge.watson.org
Reply-To: Robert Watson <robert+freebsd@cyrus.watson.org>
To: Assar Westerlund <assar@sics.se>
Cc: cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/lib/libc/net gethostbydns.c
In-Reply-To: <5l66xiln4n.fsf@assaris.sics.se>
Message-ID: <Pine.BSF.3.96.991228203435.49094A-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=ISO-8859-1
Content-Transfer-Encoding: QUOTED-PRINTABLE
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk

On 28 Dec 1999, Assar Westerlund wrote:

> Robert Watson <robert@cyrus.watson.org> writes:
> > I went ahead and closed the PR, but have not yet MFC'd it.  I plan to d=
o
> > so shortly.
>=20
> Great.
>=20
> > I noticed that your patch also ignores T_KEY, not just T_SIG -- have yo=
u
> > been getting warnings about T_KEY also?
>=20
> No, I've only been getting warnings on T_SIG.  But my reading of
> section 3.5 in RFC2535 seems to say that KEY rr can also be included
> in responses.  I'm not quite if you can also get back NXT RR?  I think
> that will only happen when you query for an unexisting name.

The DNSsec people around TIS that I asked seem to think that KEY records
only come in the Additional Records section of the packet, so shouldn't
(?) cause warnings, unlike the SIG records that come in the Answer
section.  I'll assume its ok, and see if any warnings happen :-).  As you
point out, NXT's only come in the event of a failed lookup,=A0and I haven't
seen any warnings for that.  On the other hand, NXT isn't implemented
much/at all/correctly in existing name servers.  There were some privacy
concerns expressed about NXT walking, but I'm not sure that's really an
issue.=20

  Robert N M Watson=20

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37  ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message