Hi Paul,
On 1/15/26 02:32, Paul Wouters wrote:
On Wed, 14 Jan 2026, Robert Edmonds wrote:
Petr Špaček wrote:
Is it 'protocol-legal' to have multiple identical RRs in the message?
I would think it is not, but also I don't see test prohibiting it.
"...servers should suppress such duplicates if encountered."
[...]
This advise of suppressing it seems outdated, as it would invalidate the
RRSIG over the RRset.
Signing RRset containing duplicate records is not compliant, so the advice only
applies to unsigned zones anyway:
RFC 4034 Section 6.3:
[RFC2181] specifies that an RRset is not allowed to contain duplicate
records (multiple RRs with the same owner name, class, type, and
RDATA). Therefore, if an implementation detects duplicate RRs when
putting the RRset in canonical form, it MUST treat this as a protocol
error.
Cheers,
Peter
_______________________________________________
DNSOP mailing list -- [email protected]
To unsubscribe send an email to [email protected]
