[dns-operations] NS records in Authority for NOERROR responses

Paul Vixie paul at redbarn.org
Thu Sep 3 14:25:02 UTC 2015



Andrew Sullivan wrote:
> On Thu, Sep 03, 2015 at 05:44:07AM -0700, Paul Vixie wrote:
>> ...
>>
>> but no, it's not relied upon. the system will work without it. this adds
>> robustness, no more.
>
> I agree, but I'll note that RFC 5452 (in section 6) reiterates the
> advice only to accept in-domain records.  If people follow that
> advice, then the failure to include these NS records in NODATA answers
> could actually result in more queries, because the server might decide
> to check the NS set before accepting the answer.  I rather doubt
> anyone would do this, but it is strictly what the advice implies.

you're right. some document should say "it's strongly recommended, and
<above> is why."

-- 
Paul Vixie



More information about the dns-operations mailing list