[dns-operations] NS records in Authority for NOERROR responses

Jan Včelák jan.vcelak at nic.cz
Thu Sep 3 12:13:14 UTC 2015

Hello list,

I'm looking for opinions on the following topic:

In Knot DNS 2.0.1, we have decided to remove NS records from the
Authority section for NOERROR responses. The reason why we were adding
these records into the responses was to be consistent with BIND and NSD.
AFAIK no RFC requires those records to be included. Obviously, the
answers are smaller now because the NS records and glue are gone.

Robert Edmonds had a great remark, that the presence of NS records
speeds up the propagation of updated NS records, due to trust ranking
rules in RFC 2181 section 5.4.1.

I find this very single-purposed. Why NS and not any other RR type?

Is this really a valid use? Is it used in the wild? And does anyone rely
on this functionality?

Thank you.



More information about the dns-operations mailing list