On Tue, 27 Jul 2021, John R Levine wrote:
Well, OK. How about this?foo.example NS ns.bar.example ns.foo.example AAAA 2001:0DB8:0000:000b::1 bar.example NS ns.abc.example ns.bar.example AAAA 2001:0DB8:0000:000b::2 abc.example NS ns.def.example ns.abc.example AAAA 2001:0DB8:0000:000b::3 def.example NS ns.foo.example ns.def.example AAAA 2001:0DB8:0000:000b::4 (I would have gone all the way to ns.xyz.example but it's tine for bed here)We don't try to make NS loops work across zones, so I don't see the point of sorta kinda trying to make them work sometimes.
You still mis thepoint. In the case of def.example needing ns.foo.example, the server can just check if it has glue for ns.foo.example. It does, so it returns it. It is not going to check whether or not this is a silly loop to .xyz.example or beyond. There is no point in knowing that. It has an NS record pointing to X. It has a glue record for X. So it includes the glue record X.
It's kinder to make stuff just fail so people fix it than to make it sometiemes work, depending on what version of what software people's multicasted queries happen to land on.
This is outside the scope of the document. Most DNS server will just check if they have glue, and if so include it. The draft now makes a statement on that glue - if it does not fit, set TC=1. Paul _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
