On Mon, Apr 03, 2023 at 05:44:04PM -0400, Viktor Dukhovni wrote:
> I believe that the most natural perspective is from the view point of a
> resolver attempting to classify a (non?)response to a query sent to an
> authoritative server.
Another way of thinking about this perspective is that, e.g., a
delegation response from a.gtld-servers.net (.COM nameserver) that
returns some set of nameservers for "example.com.":
; ANSWER
; AUTHORITY
example.com. IN NS ns1.provider.net.
example.com. IN NS ns2.provider.net.
is a valid delegation response (and so not from this perspective a LAME
delegation), whether or not the target servers actualy serve the zone.
A LAME delegation (response) happens when "ns1" or "ns2" respond to
queries with yet another (e.g. self) delegation that does not move the
resolver closer to the target:
; ANSWER
; AUTHORITY
example.com. IN NS ns1.provider.net.
example.com. IN NS ns2.provider.net.
A resolver would then report a LAME delegation EDE (once defined)
accordingly, based on non-progress.
If there's a failure at the ".COM" layer, it falls outside the DNS
protocol, and veers into questions of intent and operator competence,
questions of authority and responsibility to keep data up date, ...
Any protocol failure is with ns1/ns2 whether or not it is
administratively their operator's *fault*.
--
Viktor.
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
