[dns-operations] should recursors think there are only delegation data in tld name servers?
paul at redbarn.org
Fri Mar 28 03:01:03 UTC 2014
Paul Wouters wrote:
> On Thu, 27 Mar 2014, Paul Vixie wrote:
>>> Those and the others you quoted are all glue records, not
>>> and no RRSIG's over those records.
>> here's how i checked my work.
> I don't see how that checks your work?
>> ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> +trace 1s.de mx
>> ;; global options: +cmd
>> . 15714 IN NS a.root-servers.net.
>> ;; Received 228 bytes from 126.96.36.199#53(188.8.131.52) in 429 ms
> How did google DNS get into this picture?
that's the resolv.conf for the vm i ran "dig +trace" on. as you can see,
this is how the root name server set is discovered.
> I do get an RRSIG for the mx of 1s.de, despite a lack of NS records.
> But you wrote:
did you not see the 1s.de MX example contained in the JSON? when i saw
the A RR's in my first example, i decided to check for a data type that
is never glue. so, yes, some of those records were glue. some were
authoritative, signed-in-the-TLD. i consider both to be acceptable.
More information about the dns-operations