[dns-operations] why does that domain resolve?

Viktor Dukhovni ietf-dane at dukhovni.org
Sat Jun 5 20:11:43 UTC 2021


On Sat, Jun 05, 2021 at 06:11:06PM +0000, Paul Vixie wrote:

> On Sat, Jun 05, 2021 at 05:05:54PM +0200, A. Schulze wrote:
> > ... What are NS records good for, if for $reason no resolver implements step 3.5:
> > 
> > 3.5  The resolver asks the glue-NS for "house.xa." NS to get an authoritative
> > list of "house.xa." NS
> 
> I expect these NS RRs to become visible in any validating full resolver that
> implements QNAME Minimization. that's not a protocol change.

That does not always work, and may work even less often in the future,
because:

    * If the query is at the zone apex (e.g. gmail.com MX lookup), then 
      no NS query is issued at the final zone cut, since it is also the
      final qname, and the RRtype is then from the actual question.

    * Once 7816bis is published and adopted (last call at the moment),
      the queries used for qname minimisation will typically be "A",
      rather than "NS".

-- 
    Viktor.
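
The two cases in the reply above, as an added example that is not part of the original post: a small model of the (qname, qtype) sequence a minimising resolver sends, checking whether an NS query is ever issued for a given zone apex. It assumes one label is added per step and models only names and types, not which server is asked or whether the response is a referral; `www.house.xa.` is a constructed name and the function names are hypothetical.

```python
def minimised_queries(qname, qtype, probe_qtype="NS"):
    """Return the (name, type) pairs sent from the root downward.

    Every step short of the full qname uses probe_qtype ("NS" in the
    original scheme, typically "A" under 7816bis as the post states);
    the last step carries the type from the actual question.
    Assumption: exactly one label is added per step.
    """
    labels = [l for l in qname.lower().rstrip(".").split(".") if l]
    queries = []
    for start in range(len(labels) - 1, -1, -1):
        name = ".".join(labels[start:]) + "."
        queries.append((name, qtype if start == 0 else probe_qtype))
    return queries


def ns_probe_seen(qname, qtype, zone_apex, probe_qtype="NS"):
    """True if the sequence contains an NS query for zone_apex."""
    apex = zone_apex.lower().rstrip(".") + "."
    return (apex, "NS") in minimised_queries(qname, qtype, probe_qtype)


if __name__ == "__main__":
    # Constructed cases: (question name, question type, zone apex of interest)
    cases = [
        ("www.house.xa.", "A", "house.xa."),   # qname below the zone cut
        ("gmail.com.", "MX", "gmail.com."),    # qname is the zone apex
    ]
    for probe in ("NS", "A"):
        for qname, qtype, apex in cases:
            seq = minimised_queries(qname, qtype, probe)
            seen = ns_probe_seen(qname, qtype, apex, probe)
            print(f"probe={probe:2} {qname} {qtype}: {seq} "
                  f"-> NS query for {apex} issued: {seen}")
```

Only the first case with NS probes produces an NS query for the apex; the apex question and both cases with "A" probes do not.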

