Ted Lemon <[email protected]> wrote:
> On Feb 7, 2019, at 7:44 AM, Petr Špaček <[email protected]> wrote:
> > When looking at it from resolver perspective, what is the resolver
> > supposed to do with query "zone. NS" if there is no authoritative NS set
> > in the zone? Return NOERROR+NODATA?
>
> It should reply with no error and no data. But this is okay, because
> you never need to ask this question in order to resolve a name. If you
> are looking up an NS record with intent to use it, it’s going to be in
> the parent zone, where you are looking for a delegation.
But in this scenario things soon go wrong, because RFC 2181 says the
NODATA reply replaces the delegation records in the resolver's cache. This
means that if a client explicitly asks for the NS records of a zone that
lacks them, resolution for other records in the zone will subsequently
fail.
Tony.
--
f.anthony.n.finch <[email protected]> http://dotat.at/
Tyne: West, backing south, 5 to 7. Slight or moderate, occasionally rough
later. Showers. Good occasionally moderate.
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
