Paul Wouters wrote: > On Wed, 14 Jan 2026, Robert Edmonds wrote: > > > Petr Špaček wrote: > > > Is it 'protocol-legal' to have multiple identical RRs in the message? > > > > > > I would think it is not, but also I don't see test prohibiting it. > > > > "...servers should suppress such duplicates if encountered." > > > > (RFC 2181, Section 5) > > > > "A Resource Record Set should only be included once in any DNS reply. > > It may occur in any of the Answer, Authority, or Additional Information > > sections, as required. However it should not be repeated in the > > same, or any other, section, except where explicitly required by a > > specification." > > > > (RFC 2181, Section 5.5) > > This advise of suppressing it seems outdated, as it would invalidate the > RRSIG over the RRset.
RRSIGs are calculated over the canonically ordered RRset, the definition of which (RFC 4034, Section 6.3) incorporates the suppression advice from 2181. -- Robert Edmonds _______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
