In message <[email protected]>, Florian Weimer writes:
> * Mark Andrews:
>
> >>> Another note is that the answer to the NS query, unlike the referral
> >>> sent when the question is a full qname, is in the Answer section, not
> >>> in the Authoritative section. It has probably no practical
> >>> consequences.
> >>
> >> Most resolvers do not make NS queries, and some authoritative servers
> >> do not return useful data (or any data at all). So using NS queries
> >> for zone cut discovery does not work reliably.
> >
> > Any resolver that is DNSSEC aware will make NS queries (whether
> > validating or not).
>
> Really? Where is this mentioned in the protocol RFCs?
RFC 3658
2.2.1.2. Special processing when child and an ancestor share
nameserver
> > Nameservers that fail to handle NS queries are broken. More NS
> > queries would be good for the overall health of the DNS as it would
> > flush out the broken servers.
>
> Sure, but in practice, no one wants to be the person who exerts this
> perssure on zone publishers.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [email protected]
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
