--- 1/draft-ietf-dnsop-no-response-issue-16.txt 2020-03-11 01:13:21.251007632 -0700 +++ 2/draft-ietf-dnsop-no-response-issue-17.txt 2020-03-11 01:13:21.311009167 -0700 @@ -1,18 +1,18 @@ Network Working Group M. Andrews Internet-Draft R. Bellis Intended status: Best Current Practice ISC -Expires: September 9, 2020 March 8, 2020 +Expires: September 12, 2020 March 11, 2020 A Common Operational Problem in DNS Servers - Failure To Communicate. - draft-ietf-dnsop-no-response-issue-16 + draft-ietf-dnsop-no-response-issue-17 Abstract The DNS is a query / response protocol. Failing to respond to queries, or responding incorrectly, causes both immediate operational problems and long term problems with protocol development. This document identifies a number of common kinds of queries to which some servers either fail to respond or else respond incorrectly. This document also suggests procedures for zone operators to apply to @@ -29,21 +29,21 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on September 9, 2020. + This Internet-Draft will expire on September 12, 2020. Copyright Notice Copyright (c) 2020 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents 
@@ -93,24 +93,25 @@ 8.2.6. Testing EDNS Version Negotiation With Unknown EDNS Options . . . . . . . . . . . . . . . . . . . . . . . 19 8.2.7. Testing Truncated Responses . . . . . . . . . . . . . 20 8.2.8. Testing DO=1 Handling . . . . . . . . . . . . . . . . 20 8.2.9. Testing EDNS Version Negotiation With DO=1 . . . . . 21 8.2.10. Testing With Multiple Defined EDNS Options . . . . . 22 8.3. When EDNS Is Not Supported . . . . . . . . . . . . . . . 22 9. Remediation . . . . . . . . . . . . . . . . . . . . . . . . . 22 10. Security Considerations . . . . . . . . . . . . . . . . . . . 24 11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 24 - 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 24 - 12.1. Normative References . . . . . . . . . . . . . . . . . . 24 - 12.2. Informative References . . . . . . . . . . . . . . . . . 25 - Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 25 + 12. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 24 + 13. References . . . . . . . . . . . . . . . . . . . . . . . . . 24 + 13.1. Normative References . . . . . . . . . . . . . . . . . . 24 + 13.2. Informative References . . . . . . . . . . . . . . . . . 25 + Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 26 1. Introduction The DNS [RFC1034], [RFC1035] is a query / response protocol. Failing to respond to queries, or responding incorrectly, causes both immediate operational problems and long term problems with protocol development. Failure to respond to a query is indistinguishable from packet loss without doing an analysis of query-response patterns. Additionally 
@@ -489,20 +490,29 @@ zone. It is advisable to run all of the tests below in parallel so as to minimise the delays due to multiple timeouts when the servers do not respond. There are 16 queries directed to each nameserver (assuming no packet loss) testing different aspects of Basic DNS and Extended DNS. The tests below use dig from BIND 9.11.0. + When testing recursive servers set RD=1 and choose a zone name that + is know to exist and is not being served by the recursive server. + The root zone (".") is often a good candidate as it is DNSSEC signed. + RD=1, rather than RD=0, should be present in the responses for all + test involving the opcode QUERY. Non-authoritative answers (AA=0) + are expected when talking to a recursive server. AD=1 is only + expected if the server is validating responses and one or both AD=1 + or DO=1 is set in the request otherwise AD=0 is expected. + 8.1. Testing - Basic DNS This first set of tests cover basic DNS server behaviour and all servers should pass these tests. 8.1.1. Is The Server Configured For The Zone? Ask for the SOA record of the configured zone. This query is made with no DNS flag bits set and without EDNS. @@ -1076,23 +1086,29 @@ settings. When removing delegations for non-compliant servers there can be a knock on effect on other zones that require these zones to be operational for the nameservers addresses to be resolved. 11. IANA Considerations There are no actions for IANA. -12. References +12. Acknowledgements -12.1. Normative References + The contributions of the following are gratefully acknowledged: + + Matthew Pounsett, Tim Wicinski. + +13. References + +13.1. Normative References [RFC1034] Mockapetris, P., "Domain names - concepts and facilities", STD 13, RFC 1034, DOI 10.17487/RFC1034, November 1987, . [RFC1035] Mockapetris, P., "Domain names - implementation and specification", STD 13, RFC 1035, DOI 10.17487/RFC1035, November 1987, . [RFC3225] Conrad, D., "Indicating Resolver Support of DNSSEC", 
@@ -1116,21 +1132,21 @@ [RFC6895] Eastlake 3rd, D., "Domain Name System (DNS) IANA Considerations", BCP 42, RFC 6895, DOI 10.17487/RFC6895, April 2013, . [RFC7766] Dickinson, J., Dickinson, S., Bellis, R., Mankin, A., and D. Wessels, "DNS Transport over TCP - Implementation Requirements", RFC 7766, DOI 10.17487/RFC7766, March 2016, . -12.2. Informative References +13.2. Informative References [RFC2671] Vixie, P., "Extension Mechanisms for DNS (EDNS0)", RFC 2671, DOI 10.17487/RFC2671, August 1999, . [RFC3597] Gustafsson, A., "Handling of Unknown DNS Resource Record (RR) Types", RFC 3597, DOI 10.17487/RFC3597, September 2003, . [RFC5001] Austein, R., "DNS Name Server Identifier (NSID) Option",
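Review bot: the new paragraph in the hunk at @@ -489,20 +490,29 @@ has two wording defects that should be fixed before publication: "a zone name that is know to exist" should read "is known to exist", and "for all test involving the opcode QUERY" should read "for all tests involving the opcode QUERY". The final sentence also runs two conditions together with no punctuation; suggest "AD=1 is only expected if the server is validating responses and one or both of AD=1 or DO=1 is set in the request; otherwise AD=0 is expected." One further point: the per-test descriptions that follow (e.g. 8.1.1, "This query is made with no DNS flag bits set and without EDNS") still describe RD=0 queries, so the new paragraph should say explicitly that, when testing a recursive server, RD=1 overrides the "no DNS flag bits set" wording of each individual test; otherwise a reader applying the tests literally will send RD=0 to a recursive server and may get REFUSED or an empty answer that the test text does not account for.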