[dns-operations] should recursors think there are only delegation data in tld name servers?

Paul Vixie paul at redbarn.org
Fri Mar 28 02:20:15 UTC 2014 


Paul Wouters wrote:
>
> Those and the others you quoted are all glue records, not authoritative,
> and no RRSIG's over those records.

here's how i checked my work.

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> +trace 1s.de mx
;; global options: +cmd
.                       15714   IN      NS      a.root-servers.net.
.                       15714   IN      NS      b.root-servers.net.
.                       15714   IN      NS      c.root-servers.net.
.                       15714   IN      NS      d.root-servers.net.
.                       15714   IN      NS      e.root-servers.net.
.                       15714   IN      NS      f.root-servers.net.
.                       15714   IN      NS      g.root-servers.net.
.                       15714   IN      NS      h.root-servers.net.
.                       15714   IN      NS      i.root-servers.net.
.                       15714   IN      NS      j.root-servers.net.
.                       15714   IN      NS      k.root-servers.net.
.                       15714   IN      NS      l.root-servers.net.
.                       15714   IN      NS      m.root-servers.net.
;; Received 228 bytes from 8.8.8.8#53(8.8.8.8) in 429 ms

de.                     172800  IN      NS      f.nic.de.
de.                     172800  IN      NS      z.nic.de.
de.                     172800  IN      NS      a.nic.de.
de.                     172800  IN      NS      n.de.net.
de.                     172800  IN      NS      s.de.net.
de.                     172800  IN      NS      l.de.net.
;; Received 337 bytes from 202.12.27.33#53(202.12.27.33) in 858 ms

1s.de.                  86400   IN      MX      10 mail.lf.net.
de.                     86400   IN      NS      a.nic.de.
de.                     86400   IN      NS      f.nic.de.
de.                     86400   IN      NS      l.de.net.
de.                     86400   IN      NS      n.de.net.
de.                     86400   IN      NS      s.de.net.
de.                     86400   IN      NS      z.nic.de.
;; Received 153 bytes from 194.146.107.6#53(194.146.107.6) in 83 ms

and:

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> @n.de.net 1s.de mx +dnssec
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63480
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 7, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;1s.de.                         IN      MX

;; ANSWER SECTION:
1s.de.                  86400   IN      MX      10 mail.lf.net.
1s.de.                  86400   IN      RRSIG   MX 8 2 86400
20140403230000 20140327230000 53878 de.
LJPq0bWkJ/1F9Z6kZguy99+NAZsWgusIL6kONa2yJPIS/8KfaeTF44i0
P2PyQ0ZVZhsPivzzhyvbR2Yi1eje3pUMqHsfl6nQFa8O5kmXzNTHvZwn
+RbiVNQbzHZUTd2mjdrYdOvJASGJb2W0Pd+lJNGgBsgJXB2vr6utSm2j cvQ=

;; AUTHORITY SECTION:
de.                     86400   IN      NS      a.nic.de.
de.                     86400   IN      NS      f.nic.de.
de.                     86400   IN      NS      l.de.net.
de.                     86400   IN      NS      n.de.net.
de.                     86400   IN      NS      s.de.net.
de.                     86400   IN      NS      z.nic.de.
de.                     86400   IN      RRSIG   NS 8 1 86400
20140403230000 20140327230000 53878 de.
E9rDoT0uhzkOIarap0VL/15E5DxRQqhthraZ/b5s1QomeoaHU8AKHnR7
yQsAXm9uOrAVIdCCmSI5NzG6c4M89mmFM5hMzS2fwq42S4L9eU2AY4co
jR9pDpTTOrJf83CpQSJyVuBQR+awWti3o8jRyuchy5svl8ZRlf+NO6AI fng=

;; Query time: 88 msec
;; SERVER: 194.146.107.6#53(194.146.107.6)
;; WHEN: Fri Mar 28 02:19:14 2014
;; MSG SIZE  rcvd: 488

More information about the dns-operations mailing list