[dns-operations] Another possible .gov validation problem?
Cricket Liu
cricket at nxdomain.com
Sun Feb 13 16:31:49 UTC 2011
On Feb 13, 2011, at 7:33 AM, Brett Frankenberger wrote:
> You don't get NXDOMAIN for DS on infoblox.net because the parent zone
> has NS records for infoblox.net. The issue with pds.nasa.gov is that
> there aren't *any* records in the parent -- no NS or DS records. If
> the appropriate NS records are added, then it will return NOERROR
> rather than NXDOMAIN.
>
> The delegation (NS) records have probably been missing for a long time,
> but, prior to DNSSEC, it's not a significant problem as long as the
> child domain is on the same server as the parent domain.
>
> This is all a side effect of the fact that when a server is
> authoritative for a parent zone and a child zone, queries for DS
> records at the apex of the child zone are answered from the parent
> zone.
Sure, got it now. Thanks!
cricket
More information about the dns-operations
mailing list