[dns-operations] NS records in Authority for NOERROR responses

Jan Včelák jan.vcelak at nic.cz
Fri Sep 4 11:16:34 UTC 2015

On 4.9.2015 12:40, Paul Vixie wrote:
>> Are we still talking about a server, which is authoritative both for a
>> parent and a child zone?
> no, i was referring to the general case.

OK. So in that case your reasoning is right.

I would say, that in general it depends on whether the resolver decides
to blindly trust the glue when following the delegation, or to use the
glue just to fetch the child zone's genuine NS.

>>> the extra round trip per delegation-crossing you're proposing sounds
>>> expensive to me, compared with having the zone include its apex NS RRset
>>> as BIND does today.
>> Yes, it's one more RTT. It will get cached though...
> does any validating recursive server detect this condition and do the
> extra query today?

Honestly, I don't know. I'll have to check. Or does someone else know?

Thank you!


More information about the dns-operations mailing list