On 15. 01. 26 12:28, Peter Thomassen wrote:
Hi Paul,
On 1/15/26 02:32, Paul Wouters wrote:
On Wed, 14 Jan 2026, Robert Edmonds wrote:
Petr Špaček wrote:
Is it 'protocol-legal' to have multiple identical RRs in the message?
I would think it is not, but also I don't see test prohibiting it.
"...servers should suppress such duplicates if encountered."
[...]
This advise of suppressing it seems outdated, as it would invalidate the
RRSIG over the RRset.
Signing RRset containing duplicate records is not compliant, so the
advice only applies to unsigned zones anyway:
RFC 4034 Section 6.3:
[RFC2181] specifies that an RRset is not allowed to contain duplicate
records (multiple RRs with the same owner name, class, type, and
RDATA). Therefore, if an implementation detects duplicate RRs when
putting the RRset in canonical form, it MUST treat this as a protocol
error.
I guess it should not be any surprise as RR set is, well, a set. It's
simply again now knowing how much of RFC 1034 should be taken literally.
--
Petr Špaček
_______________________________________________
DNSOP mailing list -- [email protected]
To unsubscribe send an email to [email protected]
