[dns-operations] OpenDNS, Google, Nominet - New delegation update failure mode
Paul Vixie
paul at redbarn.org
Thu Apr 2 21:13:31 UTC 2020
On Thursday, 2 April 2020 21:06:26 UTC Brian Somers wrote:
> FWIW, OpenDNS/Umbrella/Cisco will use the glue to look things
> up and won’t explicitly ask the authority for its own NS record.
>
> However, if we’re asked for an NS record by a client, we’ll lookup
> & return the authoritative answer and that answer will trump the glue.
> We’ll never serve glue to a client.
>
> One of the problems with caching NS records is that you’ve got to be
> careful that you don’t let them keep re-asserting their own presence
> in the cache (by repeating their RRset in the AUTH section every time
> you talk to them). We do *force* their eventual TTL decay, but
> for frequently queried domains, the original glue TTL is *not* honoured
> due to the authoritative RRset trumping it!
sounds like you've implemented section 2 (kewl!) but not yet section 4:
https://www.ietf.org/archive/id/draft-vixie-dnsext-resimprove-00.txt
> This may be what was happening for shopdisney.co.uk...
if so then you may also want to implement section 2.5 (ibid).
--
Paul
More information about the dns-operations
mailing list