[dns-operations] How Recursive Resolvers handle domains re-delegated at the same level

David C Lawrence tale at akamai.com
Thu Jul 10 14:14:32 UTC 2014

Stephen Malone writes:
> I'm looking to understand how recursive resolvers handle DNS domain
> re-delegations at the same level. For example:

Badly.  Sideways delegations are, strictly speaking, undefined
behaviour.  Typically resolvers declare that the original delegation
is lame and will not be able to resolve the domain.

However, your example also does not actually perform a sideways

> =Parent zone: contoso.com=
> @       IN SOA ns1.contoso.com. hostmaster.contoso.com. (...
> Subzone IN NS  ns1.IntermediateNS.com.
> =Intermediate zone: Subzone.constoso.com [on] ns1.IntermediateNS.com.=
> @ IN SOA ns1.IntermediateNS.com. hostmaster.contoso.com. (...
> @ IN NS  ns1.RedelegatedNS.com.

When ns1.IntermediateNS.com gets queried, it will (should) respond
authoritatively with the data from this latter zone.  NS records at
the apex don't cause a delegation.  Thus, presuming the administrator
had left the rest of the zone empty under the impression that
RedelegatedNS.com was going to be handling things, any names within the
zone would all get NXDOMAINs.

More information about the dns-operations mailing list