[dns-operations] Reporting glue as authoritive data -- Bug!

[Joe Abley]

On 25-Jan-2008, at 09:38, Edward Lewis wrote:

> Although I work for the company that bought up Ultra, I didn't know
> they were doing this until Monday.  Independently, and now
> ironically, I was about to suggest the IETF document responses that I
> have personally labeled 'hybrid' - combination answer and referral.

I think some of the differences in behaviour between BIND9/NSD and the  
NUS DNS implementation are operationally problematic, and perhaps  
deserve some attention.

I see these kinds of problems escalated towards Afilias through  
Afilias registrars, and so there's a selfish component in wanting  
these differences to be better-characterised; having said that, I  
think this is also of general interest, hence this message.

The NUS practice of exposing glue in the answer section causes  
troubleshooting headaches, especially in the case where a single zone  
is served by an NS set which includes NUS, NSD and BIND9 servers (like  
ORG).

I don't know whether the answer is to do nothing, to endorse both  
approaches as being reasonable, to specify that just one approach is  
right, or to somehow fix resolvers so that they continue to follow the  
delegation even if glue corresponding to the IN/A query appears in the  
answer section of the response, but it does seem to me that the  
current state of affairs is irritatingly ambiguous.


Joe