[dns-operations] Multiple A/AAAA RRs associated with an NS RR

Robert Edmonds edmonds at isc.org
Fri May 3 22:46:01 UTC 2013


John Kristoff wrote:
> I'm curious if anyone is aware of, or can envision, any actual problems
> or real benefits with this A/AAAA overloading, for lack of a better
> term since I'm not sure what to call it.

i'd call it normal behavior explicitly described by the RFC:

    The resolver always starts with a list of server names to query
    (SLIST).  This list will be all NS RRs which correspond to the
    nearest ancestor zone that the resolver knows about.  To avoid
    startup problems, the resolver should have a set of default servers
    which it will ask should it have no current NS RRs which are
    appropriate.  The resolver then adds to SLIST all of the known
    addresses for the name servers, and may start parallel requests to
    acquire the addresses of the servers when the resolver has the name,
    but no addresses, for the name servers.

this probably only matters for zones with a large number of nameservers.
look at, e.g., zen.spamhaus.org.  that zone has 66 IPv4 nameservers, but
22 NS records.  doing it that way probably reduces the probability of
truncation, and reduces the overall size of responses.

-- 
Robert Edmonds
edmonds at isc.org
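
The size argument in the message above, worked through as an added example (not part of the original post): it builds a compressed wire-format response for 66 IPv4 addresses published as 66 NS names with one A record each, and as 22 NS names with three A records each. The zone `example.org`, the `nsNN` host names, the 192.0.2.x addresses and the TTL are constructed; only the 66/22 counts come from the post.

```python
import struct

def encode_name(name, offsets, pos):
    """Encode a name starting at message offset pos, with RFC 1035 compression."""
    out = b""
    labels = name.rstrip(".").lower().split(".")
    for i, label in enumerate(labels):
        suffix = ".".join(labels[i:])
        if suffix in offsets:              # suffix already in the message: emit pointer
            return out + struct.pack("!H", 0xC000 | offsets[suffix])
        if pos + len(out) < 0x4000:        # pointers carry a 14-bit offset
            offsets[suffix] = pos + len(out)
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def referral(zone, ns_addrs, glue=True):
    """Response with the NS RRset in authority and optional A glue in additional."""
    n_glue = sum(len(a) for a in ns_addrs.values()) if glue else 0
    msg = struct.pack("!6H", 0x1234, 0x8000, 1, 0, len(ns_addrs), n_glue)
    offsets = {}
    msg += encode_name(zone, offsets, len(msg)) + struct.pack("!2H", 2, 1)
    for ns in ns_addrs:                    # NS RRs: TYPE 2, CLASS IN
        msg += encode_name(zone, offsets, len(msg))
        rdata = encode_name(ns, offsets, len(msg) + 10)  # RDATA follows 10 fixed bytes
        msg += struct.pack("!2HIH", 2, 1, 3600, len(rdata)) + rdata
    if glue:
        for ns, addrs in ns_addrs.items():  # A RRs: TYPE 1, CLASS IN
            for addr in addrs:
                msg += encode_name(ns, offsets, len(msg))
                msg += struct.pack("!2HIH", 1, 1, 3600, 4)
                msg += bytes(map(int, addr.split(".")))
    return msg

# Constructed sample data: the same 66 addresses under two naming layouts.
ADDRS = [f"192.0.2.{i}" for i in range(1, 67)]
ONE_PER_NAME = {f"ns{i:02d}.example.org": [ADDRS[i]] for i in range(66)}
THREE_PER_NAME = {f"ns{i:02d}.example.org": ADDRS[3 * i:3 * i + 3] for i in range(22)}

if __name__ == "__main__":
    for label, layout in (("66 NS x 1 A", ONE_PER_NAME), ("22 NS x 3 A", THREE_PER_NAME)):
        ns_only = len(referral("example.org", layout, glue=False))
        full = len(referral("example.org", layout))
        print(f"{label}: NS RRset only {ns_only} bytes, with glue {full} bytes, "
              f"NS RRset fits in 512-byte UDP: {ns_only <= 512}")
```

With these constructed names the 22-name NS RRset alone is 447 bytes and fits in a 512-byte UDP response, while the 66-name one is 1283 bytes. Real host names are longer than `nsNN`, so actual sizes differ, but every extra NS name costs an NS record on top of its address record.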


