On Thursday, 2 April 2020 21:06:26 UTC Brian Somers wrote: > FWIW, OpenDNS/Umbrella/Cisco will use the glue to look things > up and won’t explicitly ask the authority for its own NS record. > > However, if we’re asked for an NS record by a client, we’ll lookup > & return the authoritative answer and that answer will trump the glue. > We’ll never serve glue to a client. > > One of the problems with caching NS records is that you’ve got to be > careful that you don’t let them keep re-asserting their own presence > in the cache (by repeating their RRset in the AUTH section every time > you talk to them). We do *force* their eventual TTL decay, but > for frequently queried domains, the original glue TTL is *not* honoured > due to the authoritative RRset trumping it!
sounds like you've implemented section 2 (kewl!) but not yet section 4: https://www.ietf.org/archive/id/draft-vixie-dnsext-resimprove-00.txt > This may be what was happening for shopdisney.co.uk... if so then you may also want to implement section 2.5 (ibid). -- Paul _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
