On Thu, Feb 07, 2019 at 09:40:24AM -0500, Ted Lemon wrote:
> On Feb 7, 2019, at 9:16 AM, Tony Finch <d...@dotat.at> wrote:
> > But in this scenario things soon go wrong, because RFC 2181 says the
> > NODATA reply replaces the delegation records in the resolver's cache. This
> > means that if a client explicitly asks for the NS records of a zone that
> > lacks them, resolution for other records in the zone will subsequently
> > fail.
>
> Ah, there you have it. So then it _is_ required. Kevin’s point also
> points in that direction.
>
> Is there somewhere in a later spec where this is stated explicitly, then?
Though RFC 1034/1035 are a point for DNS that obsoleted some preceding
RFCs and other documentation and they are quite comprehensive, there are
things that they have missed. Something that comes to mind is the
definition of hostnames. Remember that DNS evolved to RFC 1034/1035. It
didn't begin there, so if something is not clear, there are documents
preceding it which may be obsolete but can contain useful information
and justification.
For this topic of NS at apex, there is some mention of it in RFC 883:
Note that there is one special case that requires consideration
when a name server is implemented. A node that contains a SOA RR
denoting a start of zone will also have NS records that identify
the name servers that are expected to have a copy of the zone.
(The word "will" cannot be strictly assumed to have RFC 2119 meaning,
but it's clear that it's expected.)
There's mention of it in RFC 882 where it says an NS record is necessary
because an authority for the zone is expected to answer for a query for
NS information of the zone.
If all else fails in explaining something, there's also the old saying -
"Do what BIND does". :-)
Mukund
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
