[dns-operations] should recursors think there are only delegation data in tld name servers?
Paul Vixie
paul at redbarn.org
Fri Mar 28 03:01:03 UTC 2014
Paul Wouters wrote:
> On Thu, 27 Mar 2014, Paul Vixie wrote:
>
>>> Those and the others you quoted are all glue records, not
>>> authoritative,
>>> and no RRSIG's over those records.
>>
>> here's how i checked my work.
>
> I don't see how that checks your work?
>
>> ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> +trace 1s.de mx
>> ;; global options: +cmd
>> . 15714 IN NS a.root-servers.net.
> [...]
>> ;; Received 228 bytes from 8.8.8.8#53(8.8.8.8) in 429 ms
>
> How did google DNS get into this picture?
that's the resolv.conf for the vm i ran "dig +trace" on. as you can see,
this is how the root name server set is discovered.
>
> I do get an RRSIG for the mx of 1s.de, despite a lack of NS records.
> But you wrote:
did you not see the 1s.de MX example contained in the JSON? when i saw
the A RR's in my first example, i decided to check for a data type that
is never glue. so, yes, some of those records were glue. some were
authoritative, signed-in-the-TLD. i consider both to be acceptable.
More information about the dns-operations
mailing list