[dns-operations] Short NS record names

Peter Koch pk at DENIC.DE
Sun May 15 20:23:09 UTC 2011

On Wed, May 11, 2011 at 04:14:16PM +0200, PASZTOR Miklos wrote:

>  1. There is no need to look up any delegated zone (e.g. nic.hu) when
>     resolving ns1.nic.hu.

first instance will be part of the aditional section in the referral
response, fed from the glue data in the root zone. Later occurences will
happen rarely, depending on the TTL in the zone and the TTL of the glue RRs.

>  4. If you sign your zone you can sign these records straight in .hu, no
>     need to have a secure delegation to nic.hu. (This speeds up validation
>     as well.)

When you're moving to DNSSEC, the names of the name servers become less
important, so I'd see no benefit in validating the A/AAAA RRSets for these.

>  Now I wonder if there are any disadvantages. I don't see any.

Except for the one name server feature mentioned already, I don't see
any immediate disadvantage. However, I also do not believe that the
properties you listed really achieve much to count as real advantages.


More information about the dns-operations mailing list