[dns-operations] NS records in Authority for NOERROR responses

Jan Včelák jan.vcelak at nic.cz
Fri Sep 4 07:49:03 UTC 2015

Mark Andrews wrote:
> Returning NS records also helps when the parent servers also serve
> the child zone and the two sets of servers differ.  Without NS
> records being returned you would never ask any server but the parent
> servers.

I agree. But again, this applies to insecure zones. With DNSSEC, you
would find out easily that there is a zone cut.

Robert Edmonds wrote:
> Maybe you have to keep a BIND server around alongside your Knot fleet
> in case you want to retain this capability ;-)

Evidently, there are use cases for the NS inclusion. We will reconsider
and might add a compile time or a run time option. Just wait for a while
before installing BIND... ;-)

Best regards,


More information about the dns-operations mailing list