Draft: resolver,api: tweak logic for AD bit and set AA if all RRsets have rank KR_RANK_AUTH. (!1605) · Merge requests · Knot projects / Knot Resolver

menakite requested to merge menakite/knot-resolver:tweak-ad-set-aa into master Aug 29, 2024

AD: my understanding is that RFC 4035, section 3.2.3, mandates non-empty Answer or Authority section to set the AD bit in responses.

AA: by using logic similar to that for the AD bit, AA bit in responses is set in resolver's answer_finalize if all RRsets are non-secure (so no AD bit) and have rank KR_RANK_AUTH.

KR_RANK_AUTH is safe enough because in current code it is never set alone.

If a RRset has only KR_RANK_AUTH, it indicates that an authoritative response is wanted.

Can add and use another flag if desired, but I'd prefer not to.

Admin message

Admin message

Draft: resolver,api: tweak logic for AD bit and set AA if all RRsets have rank KR_RANK_AUTH.

Merge request reports