Bug 1397 – Recursive DS lookups for AS112 zones names should recurse.

Bug 1397 - Recursive DS lookups for AS112 zones names should recurse.


Summary:	Recursive DS lookups for AS112 zones names should recurse.

Status:	RESOLVED FIXED

Product:	unbound
Classification:	Unclassified
Component:	server
Version:	unspecified
Hardware:	Other All

Importance:	P5 enhancement
Assigned To:	unbound team

URL:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2017-08-07 05:09 CEST by Mark Andrews
Modified:	2017-08-07 13:36 CEST (History)
CC List:	2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Mark Andrews 2017-08-07 05:09:26 CEST

While RFC 6303 permits local zones to answer these names they still
need to follow all the resolution rules.  DS records for these names
belong to the parent zone and as long as the client is requesting
recursion and the server allows recursion for the client they the
query should recurse.

Comment 1 Wouter Wijngaards 2017-08-07 09:04:25 CEST

Hi Mark,

Yes you are right.  Nasty for downstream lookups of nxdomains (or nonDNSSEC trust points) for those DS records, who then don't get the recursive lookup for the DS record but a canned nodata answer.

Best regards, Wouter

Comment 2 Wouter Wijngaards 2017-08-07 13:36:02 CEST

Hi Mark,

Fixed.  Thank you for the report!

Best regards, Wouter