On 21 May 2020, at 16:07, Warren Kumari <war...@kumari.net> wrote: > What does all of this *mean*? > .. > .. > .. > Sorry, I haven't a clue, other than maybe: > The DNS is weird.
In your experiment it seems clear that all the glue records you are looking for are being returned from the involved authority-only servers in the additional section, and since for the COM zone that's a well-constrained monoculture of software it seems reasonable to imagine that's not where to look. Similarly, by testing using Atlas probes the stub resolver presumably also represents a monoculture (or if there are different versions of probes, there are surely not that many different versions). What remains is the tangle of resolvers, forwarders and proxies that exist between RIPE atlas probes and the authority servers, where there might actually be dragons. Not for the first time, I wish we had something like traceroute in the DNS so that we could isolate those paths rather than simply looking at exit addresses and trying to make inferences from them. I guess for some (apparently decreasing) proportion of those Atlas probes there's at least one dragon between the probe and the COM server that caches additional section glue and is happy to return it as an answer. I don't have any clever ideas about how you'd isolate any particular fictional reptile, however. It'd be interesting to continue this kind of experiment over time and see where the success rate for those queries is trending. Joe _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
