[dns-operations] a question about the nameservers

Olafur Gudmundsson ogud at ogud.com
Tue Nov 6 18:32:30 UTC 2012 

On 06/11/2012 02:30, zhanglikun wrote:
> <<RFC 2181 section 5.4.1 Ranking data>> says the child side is more
> trustworthy
>
>
>     The accuracy of data available is assumed from its source.
>     Trustworthiness shall be, in order from most to least:
>
>       + Data from a primary zone file, other than glue data,
>       + Data from a zone transfer, other than glue,
>       + The authoritative data included in the answer section of an
>         authoritative reply.
>       + Data from the authority section of an authoritative answer,
>
> Likun
Yes this is true but reality is that most resolver are "lazy" i.e. they 
expect/hope that child's NS will arrive in
an answer from the child. This does not work at all if child name 
servers are using "minimal-answers".
What I have been promoting is that Resolvers explicitly ask a Child 
server for the NS set and store that,
number of resolver implementers resist that because of the one extra 
query this would cause each time a
new domain is discovered.

     Olafur

>> -----Original Message-----
>> From: dns-operations-bounces at lists.dns-oarc.net
>> [mailto:dns-operations-bounces at lists.dns-oarc.net] On Behalf Of Olafur
>> Gudmundsson
>> Sent: Friday, October 26, 2012 10:36 PM
>> To: dns-operations at lists.dns-oarc.net
>> Subject: Re: [dns-operations] a question about the nameservers
>>
>> On 26/10/2012 05:43, Feng He wrote:
>>> Hi,
>>>
>>> If the nameservers in parent is different from the ones in
>>> auth-servers, what will happen?
>>>
>>> For example, with this case you can see the difference.
>>>
>> Take a look at this:
>> https://www.dns-oarc.net/files/workshop-201103/ICANN-SF-Looking-at-D
>> NS-traces.pdf
>>
>> There is difference in how resolvers behave some resolvers will store
>> the first
>> NS set they see and use that one  (Parent centric resolvers)
>> Others will accept NS set from child and over ride the first one (Child
>> centric)
>> If the child use minimal answer may resolvers are forced into
>> Parent centric mode as they NEVER ask the child what its NS set is.
>>
>> There are resolvers out there that use the Parent NS for the first query
>> but
>> explicitly ask one of the name servers in the Parent NS set what the
>> child version is.
>>
>> In short there are multiple behaviors out there and disagreement on what
>> the
>> "correct" behavior is.
>> The child's interest are best served if the Parent and Child NS sets are
>> identical.
>>
>>       Olafur
>>
>> _______________________________________________
>> dns-operations mailing list
>> dns-operations at lists.dns-oarc.net
>> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>> dns-jobs mailing list
>> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs

More information about the dns-operations mailing list