> On Jan 27, 2015, at 4:07 AM, Marek Vavruša <marek.vavr...@nic.cz> wrote:
>
> Hi, I was wondering if there's any operational benefit in including
> records other than direct answer in resolver responses [1]? For
> example, some recursors return authoritative NS records, SOA, glue,
> etc., and some servers scrub them. I have utterly failed in finding
> anything in the related RFCs to back this up, so I guess it's up to
> implementors.
>
> My reasoning is that the end user rarely needs anything but the direct
> answer, maybe additional address records for MX, NS and such. But
> presuming that most of the resolver traffic is 'IN A
> www.populardomain.com'-like, and a lot of traffic originates from
> congested mobile networks, it makes sense to me to return only minimal
> possible responses.
> Or am I wrong?
>
> - Marek
>
> [1] With the exception of SOA for NODATA and DNSSEC-related data.

The original reasoning was to save round trip times and network bandwidth.
This does not hold any more as Dan Kaminsky showed us how to use extra data as cache poison via forged answers.

In DNS referrals there is value for extra data when name servers are below the zone cut.
In no other situation do I see value for an application to see anything that is not in the first NON-empty response section
(i.e. either Answer or Authority).

I have been thinking about shortening MX answers by only including the Answer section and violating the server side processing of additional records.
If Florian and Tony are right then that should be harmless, as in most cases these days mail servers are outside the domain.

Olafur
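
The trimming rule discussed in this thread, sketched as an added example that is not part of either message or of any resolver's code: keep only the first non-empty section, and in a referral keep address records only for name servers below the zone cut. The `RR` record model, the function names and the sample records are assumptions constructed for illustration; no DNS library is used.

```python
from collections import namedtuple

# Hypothetical record model for this sketch: owner name, type, rdata.
RR = namedtuple("RR", "name rtype rdata")

def _norm(name):
    return name.lower().rstrip(".")

def below(name, zone):
    """True if name is at or below zone, compared on label boundaries."""
    name, zone = _norm(name), _norm(zone)
    return name == zone or name.endswith("." + zone)

def minimize(answer, authority, additional):
    """Trim a response to (answer, authority, additional) per the rule above."""
    if answer:
        # Answer is the first non-empty section: drop everything else.
        return list(answer), [], []
    types = {rr.rtype for rr in authority}
    if "NS" not in types or "SOA" in types:
        # Negative response (NODATA/NXDOMAIN): Authority is the first
        # non-empty section, so SOA and any DNSSEC records in it stay.
        return [], list(authority), []
    # Referral: keep address records only for name servers below the zone cut.
    need_glue = {_norm(rr.rdata) for rr in authority
                 if rr.rtype == "NS" and below(rr.rdata, rr.name)}
    glue = [rr for rr in additional
            if rr.rtype in ("A", "AAAA") and _norm(rr.name) in need_glue]
    return [], list(authority), glue

# Constructed sample data (documentation names and addresses).
REFERRAL_AUTH = [RR("example.com.", "NS", "ns1.example.com."),
                 RR("example.com.", "NS", "ns2.example.net.")]
REFERRAL_ADD = [RR("ns1.example.com.", "A", "192.0.2.1"),
                RR("ns2.example.net.", "A", "198.51.100.2"),
                RR("www.example.org.", "A", "203.0.113.9")]  # unrelated extra
ANSWER = [RR("www.example.com.", "A", "192.0.2.80")]
NODATA_AUTH = [RR("example.com.", "SOA",
                  "ns1.example.com. hostmaster.example.com. 1 7200 900 1209600 3600")]

if __name__ == "__main__":
    for case in ((ANSWER, REFERRAL_AUTH, REFERRAL_ADD),
                 ([], REFERRAL_AUTH, REFERRAL_ADD),
                 ([], NODATA_AUTH, REFERRAL_ADD)):
        print(minimize(*case))
```

In the referral case only the address of `ns1.example.com.` survives; the out-of-zone server's address and the unrelated record are dropped before a cache or client sees them.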