[dns-operations] OpenDNS, Google, Nominet - New delegation update failure mode

Vladimír Čunát vladimir.cunat+ietf at nic.cz
Tue Nov 17 07:44:27 UTC 2020


Hello.

First of all, I do hope you won't rely on how implementations do this
(except aspects that are mandatory in standards-track RFCs).  Note that
even the delegation-revalidation draft in its current state plans just
some SHOULDs and no hard obligations:
https://tools.ietf.org/html/draft-ietf-dnsop-ns-revalidation

On 11/17/20 1:09 AM, Doug Barton wrote:
> If anyone from Nominet, or Knot, or other folks who referenced that
> their software is also parent-centric have references, that would be
> helpful as well. 

Knot Resolver developer here.  I'm not aware of any references, but this
list is archived so hopefully that's enough to post the approach we've
been using so far.  We get called parent-centric due to allowing queries
to NSs based on parent-side NS RRs and address glue records - and not
explicitly trying to refresh the child side of them.  Nevertheless, *if*
those child-side records do arrive in some answers (provided that they
are in-bailiwick or DNSSEC-validable), they do get cached and used in
preference for further iteration (rfc2181 ranking).

--Vladimir




More information about the dns-operations mailing list