* Mark Andrews:

>>>    Another note is that the answer to the NS query, unlike the referral
>>>    sent when the question is a full qname, is in the Answer section, not
>>>    in the Authoritative section.  It has probably no practical
>>>    consequences.
>> 
>> Most resolvers do not make NS queries, and some authoritative servers
>> do not return useful data (or any data at all).  So using NS queries
>> for zone cut discovery does not work reliably.
>
> Any resolver that is DNSSEC aware will make NS queries (whether
> validating or not).

Really?  Where is this mentioned in the protocol RFCs?

> Nameservers that fail to handle NS queries are broken.  More NS
> queries would be good for the overall health of the DNS as it would
> flush out the broken servers.

Sure, but in practice, no one wants to be the person who exerts this
perssure on zone publishers.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to