Merge pull request #20 from boucadair/tireddy2-patch-1

Add files via upload
boucadair · Feb 21, 2024 · ebf2dc9 · ebf2dc9
2 parents 3fc96e1 + 398a735
commit ebf2dc9
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/draft-ietf-add-resolver-info.md b/draft-ietf-add-resolver-info.md
@@ -117,9 +117,11 @@ Reputation:
    using the RESINFO RR type and QNAME of "resolver.arpa". In this case, a client has to contend
    with the risk that a resolver does not support RESINFO. The resolver might
    pass the query upstream, and then the client can receive a positive RESINFO response either
-   from a legitimate upstream DNS resolver or an attacker. If a client sees the RESINFO in the
-   Answer section, it can detect that the response is not provided by the resolver
-   and discards the response.
+   from a legitimate upstream DNS resolver or an attacker. The DNS client MUST
+   set the Recursion Desired (RD) bit of the query to 0 to ensure that the response is provided by the resolver.
+   If the resolver does not support RESINFO, it will return an authoritative name error.
+   In addition, if a client sees the RESINFO in the Answer section, it can detect that
+   the response is not provided by the resolver and discards the response.
 
 #  Format of the Resolver Information {#format}