>> > Child-centric resolver: a DNS resolver which will replace, in its >> > memory, the NS RRset and glue records obtained from the parent, by >> > data from the authoritative servers of the zone they belong to. This >> > is the proper behaviour (but note that a resolver MUST re-check from >> > the parent at some interval, to avoid "phantom domains"). >> >> Hmm. >> >> Firstly, isn't this "child-centric resolver" / "parent-centric >> resolver" simply an euphemism papering over the more distinct >> "correctly" and "wrongly" implemented resolver? > > No. This can only happen if changes in nameservers are mis-manged. > All nameserver for a zone are supposed to serve the same content > "new" and "old" with differences only while the zone is waiting to > be transfered. Just because lots of people just change the NS RRset > without ensuring that the zone content remains consistent doesn't > mean that it is right.
This assumes that the new and old both collaborate in orchestrating a tidy transfer of authority for the zone, and is something which requires extra effort both by the new and old operators/owners. I would have thought that the old operator frequently has no incentive to collaborate in this process, and sometimes the new operator also doesn't have an incentive to alert the old one that he's moving to take over responsibility for the zone in question. I therefore think that insistence that this is the only correct way to do things won't neccessarily make it common practice, and therefore ignores reality. >> Secondly, let me re-formulate that other part. I thought this is >> rather a matter of properly letting the NS RRset expire from the >> cache, and not use the cached and soon-to-expire NS RRset to re-fetch >> the child NS RRset, but that instead the NS RRset needs to be >> re-fetched from the parent zone before subsequently possibly >> overriding that with new authoritative information from one of the >> (possibly new) child name servers, since the domain can have been >> re-delegated in the mean time. > > There is nothing wrong with refreshing RRsets provided the zone is > being properly managed. I think this ignores common practice. Again: insisting that there is a correct way and dismiss anything else as "you got what you lot asked for" doesn't neccessarily make the "correct way" common practice. Is it your opinion that it's perfectly fine for a "child-centric" resolver to become ~forever stuck with the old set of name servers for a zone in the scenario sketched here earlier? Best regards, - HÃ¥vard _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
