On Tue, Feb 21, 2023 at 11:49:40AM +0100, Ralf Weber wrote: > > This leaves 6,466 cases to examine more closely: > > > > 1. 3,773 are in complete agreement with the authoritative A/AAAA > > records. > > > > 2. 1,447 have authoritative A/AAAA records completely distinct > > from the sibling glue. > > > > 3. 1,414 return NXDOMAIN from the auth zone! > > > > 4. 74 return NODATA from the auth zone for both A and AAAA! > > > > 5. 213 return SERFAIL from the auth zone A and AAAA lookups. > > > > Of the above, case "1" could perhaps reduce latency, but is otherwise > > redundant (modulo exceedingly rare cyclic depedendencies). > > These “rare” cases where the domain is not resolvable when a glue is not > present are the ones this draft is done for. So did you look how rare > they were in your dataset? Being able to resolve instead of not resolving > IMHO has value even if the number is not big.
Sure, there is *almost* one loop: tsort: -: input contains a loop: tsort: frogsoft.org. tsort: frogid-server.org. In the form of: frogsoft.org. IN NS frogid-server.org. frogid-server.org. IN NS frogsoft.org. frogid-server.org. IN NS atelier-frogsoft.org. atelier-frogsoft.org. IN NS frogid-server.org. atelier-frogsoft.org. IN NS ns344725.ip-37-187-251.eu. ; frogsoft.org. IN A 37.187.251.101 frogid-server.org. IN A 213.186.33.5 atelier-frogsoft.org. IN A 5.39.70.108 but the loop is not fully closed, because the ".eu" NS host is live and returns: atelier-frogsoft.org. IN A 37.187.251.101 The remaining glue IPs are either timing out or returning REFUSED, so again, on the whole, the glue is worse than nothing. > We all know that a lot of data in the DNS is garbage, that should not > stop us from using the good data. Sure, if the garbage were harmless, but, more frequently than not, the sibling glue is worse than ignoring it and resolving the nameserver addresses explicitly. The basic problem is that largely nobody is minding the sibling glue, it just rots away, while "child-centric" resolvers may do well by discarding it. The case for resolving loops is particularly weak, perhaps someone wants to instead motivate this based on the occasional success for the otherwise non-resolving names? (I am still not convinced...) Let the domain owners fix the garbage. We don't need to bend over backwards serving muck just because some users are lazy. That only delays the inevitable breakage, nobody is minding the farm. -- Viktor. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop