[dns-operations] ANY efforts at taking additional responses more compact?
Paul Vixie
paul at redbarn.org
Wed Sep 7 08:33:48 UTC 2016
Viktor Dukhovni wrote:
> It occurs to me that for domains with a bunch of in-bailiwick nameservers,
> it might make sense to advertise just a single logical nameserver name
> which carries all the associated A/AAAA records, thereby substantially
> reducing the number of RRSIGs in the additional section ...
the receiver of an NS RRset is entitled to treat each NSDNAME as the
name of a host which may be multihomed, and to treat each AAAA or A
RRset whose owner name corresponds to that NSDNAME as a set of addresses
belonging to that host. therefore if it hears an ICMP message such as
"port unreachable" it is entitled to skip all the other addresses
associated with that NSDNAME.
not all NS RRset receivers behave this way. indeed, many will simply
unroll the NS/AAAA and NS/A chains, and try them all, come what may.
but the non-unrolling behaviour is reasonable and it is compliant and it
has to be taken into account by any name service operator when planning
how to express their multiple available addresses.
--
P Vixie
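
The receiver behaviour described in the message above, as an added example that is not part of the original post: a simplified model comparing a per-host resolver with an unrolling one, over a conventional delegation and a single logical nameserver name. The names, documentation-range addresses, network state and the `resolve` function are all constructed assumptions, not any real resolver's code.

```python
# Constructed sample data: documentation-range addresses, hypothetical names.
PORT_UNREACHABLE, ANSWER = "icmp-port-unreachable", "answer"

# One NSDNAME per server (conventional layout).
PER_HOST = {
    "ns1.example.": ["192.0.2.1", "2001:db8::1"],
    "ns2.example.": ["192.0.2.2", "2001:db8::2"],
}
# Single logical NSDNAME carrying every address (the layout proposed in the quote).
SINGLE_NAME = {
    "ns.example.": ["192.0.2.1", "2001:db8::1", "192.0.2.2", "2001:db8::2"],
}
# Constructed network state: the machine behind 192.0.2.1 / 2001:db8::1 has no
# DNS listener, so its addresses return ICMP port unreachable.
NETWORK = {"192.0.2.1": PORT_UNREACHABLE, "2001:db8::1": PORT_UNREACHABLE,
           "192.0.2.2": ANSWER, "2001:db8::2": ANSWER}

def resolve(delegation, network, per_host=True):
    """Return (address that answered or None, list of addresses tried).

    per_host=True: treat each NSDNAME as one multihomed host and skip its
    remaining addresses after an ICMP port unreachable.
    per_host=False: unroll NS -> A/AAAA and try every address regardless.
    """
    tried = []
    for nsdname, addresses in delegation.items():
        for addr in addresses:
            tried.append(addr)
            result = network[addr]
            if result == ANSWER:
                return addr, tried
            if per_host and result == PORT_UNREACHABLE:
                break  # host-level signal: give up on this NSDNAME
    return None, tried

if __name__ == "__main__":
    for label, d in (("per-host names", PER_HOST), ("single name", SINGLE_NAME)):
        for mode in (True, False):
            print(label, "per_host" if mode else "unrolling", resolve(d, NETWORK, mode))
```

With the single logical name, the per-host receiver abandons the zone after one port-unreachable, while the same outage under separate NS names only costs it one host.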