[dns-operations] why does that domain resolve?
Benno Overeinder
benno at NLnetLabs.nl
Mon Jun 7 12:43:53 UTC 2021
On 05/06/2021 20:11, Paul Vixie wrote:
> On Sat, Jun 05, 2021 at 05:05:54PM +0200, A. Schulze wrote:
>> ... What are NS records good for, if for $reason no resolver implement step 3.5:
>>
>> 3.5 The resolver ask of the glue-NS for "house.xa." NS to get a authoritative
>> list of "house.xa." NS
>
> i expect these NS RRs to become visible in any validating full resolver that
> implements QNAME Minimization. that's not a protocol change.
Indeed. In our first QNAME minimisation implementation, we used NS
queries to follow delegations. This worked 99% of the time (well,
almost all, I can't put a number on it). We found that there are
middleboxes that clearly dropped NS queries. So instead we used QTYPE
A/AAAA in QNAME minimisation to follow delegations. With good results.
-- Benno
--
Benno J. Overeinder
NLnet Labs
https://www.nlnetlabs.nl/
More information about the dns-operations
mailing list