On Thu, 3 May 2018 06:12:42 +0000 Amreesh Phokeer <amreesh.phok...@gmail.com> wrote:
> We consider "lame" any NS which is either: > - Not responding at all. > - Responding in some way, but not for the specific domain queried. > - Responding for the correct domain, but without the authority bit set. Friends, I've been referring to a class of problems I call DNS Inconsistency. This can be thought to be a bit broader in scope than what is typically meant by a delegation, but it is related. I'm particularly interested in parent/child NS RRset consistency at the moment and I recently compiled this list of possible NS RR results when considering what may happen as one might try to traverse a graph to a domain name node. Imperfect list, classifications, and severity perhaps, but maybe stimulates more useful discussion than it does detract from it. --- some amount of broken --- error | bad type (e.g. CNAME) error | bad rdata (e.g. IPaddr for NS) error | TTL disagreement in the NS RRset error | DNSSEC validation error error | timeout/unreachable transient (e.g. down time) error | timeout/unreachable permanent (e.g. misconfiguration) query_response | NXDomain query_response | REFUSED query_response | SERVFAIL / FORMERR / NOTIMP / etc... query_response | referral after a referral query_response | aa==0 when aa==1 expected query_response | malicious or incorrect rdata --- properly formed answer, but not yet provably correct --- name | maps to an ipv4addr name | maps to an ipv4addr set name | maps to an ipv6addr name | maps to an ipv6addr set name | maps to an ipv4addr + ipv6addr name | maps to an ipv4addr set + ipv6addr name | maps to an ipv4addr + ipv6addr set name | maps to an ipv4addr set + ipv6addr set John _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
