[dns-operations] NS records in Authority for NOERROR responses

[Paul Vixie]

Jan Včelák wrote:
> Mark Andrews wrote:
>> Returning NS records also helps when the parent servers also serve
>> the child zone and the two sets of servers differ.  Without NS
>> records being returned you would never ask any server but the parent
>> servers.
>
> I agree. But again, this applies to insecure zones. With DNSSEC, you
> would find out easily that there is a zone cut.

sure, but under what conditions would a validating resolver decide to
query for the apex NS?

-- 
Paul Vixie