On Mon, Apr 03, 2023 at 05:44:04PM -0400, Viktor Dukhovni wrote: > I believe that the most natural perspective is from the view point of a > resolver attempting to classify a (non?)response to a query sent to an > authoritative server.
Another way of thinking about this perspective is that, e.g., a delegation response from a.gtld-servers.net (.COM nameserver) that returns some set of nameservers for "example.com.": ; ANSWER ; AUTHORITY example.com. IN NS ns1.provider.net. example.com. IN NS ns2.provider.net. is a valid delegation response (and so not from this perspective a LAME delegation), whether or not the target servers actualy serve the zone. A LAME delegation (response) happens when "ns1" or "ns2" respond to queries with yet another (e.g. self) delegation that does not move the resolver closer to the target: ; ANSWER ; AUTHORITY example.com. IN NS ns1.provider.net. example.com. IN NS ns2.provider.net. A resolver would then report a LAME delegation EDE (once defined) accordingly, based on non-progress. If there's a failure at the ".COM" layer, it falls outside the DNS protocol, and veers into questions of intent and operator competence, questions of authority and responsibility to keep data up date, ... Any protocol failure is with ns1/ns2 whether or not it is administratively their operator's *fault*. -- Viktor. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop