[dns-operations] All NSs for a TLD being in the TLD itself

Jaap Akkerhuis jaap at NLnetLabs.nl
Tue Oct 29 10:18:30 UTC 2013


    On 29 Oct 2013, at 09:24, Calvin Browne <calvin at orange-tree.alt.za> wrote:
    
    > I'm going to point out that .se went down because of a problem
    right at this point relativly recently.

    IIRC, that problem had nothing to do with whether the TLD's NS
    RRset was in the zone or not. Something went wrong with zone
    file generation and that RRset got corrupted somehow. [When the
    authoritative NS RRset gets mangled, it doesn't matter if the
    targets of those NS records are inside or outside the zone.]
    Things still worked (sort of). The delegation info at the root
    was unchanged and valid. Resolvers got referrals to the
    authoritative .se name servers even though those servers might
    not have had NS records in the .se zone itself.

If I remember correctly, the whole mess was augmented by all these
resolvers which thought that SE had a delegation only policy. When
the name servers became in balliwick ...

	jaap



More information about the dns-operations mailing list