* Mark Andrews: >>> Another note is that the answer to the NS query, unlike the referral >>> sent when the question is a full qname, is in the Answer section, not >>> in the Authoritative section. It has probably no practical >>> consequences. >> >> Most resolvers do not make NS queries, and some authoritative servers >> do not return useful data (or any data at all). So using NS queries >> for zone cut discovery does not work reliably. > > Any resolver that is DNSSEC aware will make NS queries (whether > validating or not).
Really? Where is this mentioned in the protocol RFCs? > Nameservers that fail to handle NS queries are broken. More NS > queries would be good for the overall health of the DNS as it would > flush out the broken servers. Sure, but in practice, no one wants to be the person who exerts this perssure on zone publishers. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop