On Fri, Apr 10, 2020 at 6:46 AM Shumon Huque <shu...@gmail.com> wrote:
> Hi folks,
>
> Paul Vixie, Ralph Dolmans, and I have submitted this I-D for
> consideration:
>
> https://tools.ietf.org/html/draft-huque-dnsop-ns-revalidation-01
>
> Comments/discussion welcome.

There is one issue not addressed (here or anywhere else) that is operationally relevant. If a domain's delegation NS set includes name servers that no longer act as authoritative servers for the zone, there is no adequate mechanism to signal to the parent zone or to resolvers that this is a permanent situation.

The delegation (re)validation might be a reasonable place to implement something to detect this and adjust the choice of NS on the resolver's cache. (Part of the problem may be a "catch 22": the server receiving the query isn't authoritative for the zone, so technically it can't/shouldn't return anything authoritatively.)

This might also be viewed (correctly) as a corner case in the RRR model that doesn't get addressed; it seems to happen most frequently if a registrant changes registrars or if a domain lapses, where the previous registrar also acted as DNS operator for the zone.

Thoughts? (Not sure if I did justice to the explanation; qv "lame delegation".)

Brian
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
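
Added example, not part of the message above or of the draft: one way a resolver-side check could sort a delegation NS set into authoritative and lame servers from their replies to an apex SOA query, using the AA bit and RCODE in the DNS header. The zone and server names, the sample replies and the classification rule are all constructed assumptions.

```python
import struct

NOERROR, SERVFAIL, REFUSED = 0, 2, 5

def encode_name(name):
    """Encode a domain name as DNS wire-format labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_response(zone, rcode, aa, with_soa_answer):
    """Build a constructed response to an SOA query for `zone` (sample data only)."""
    flags = 0x8000 | (0x0400 if aa else 0) | rcode   # QR=1, AA bit, RCODE
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, 1 if with_soa_answer else 0, 0, 0)
    question = encode_name(zone) + struct.pack("!HH", 6, 1)  # QTYPE=SOA, QCLASS=IN
    answer = b""
    if with_soa_answer:
        rdata = encode_name("ns1." + zone) + encode_name("hostmaster." + zone)
        rdata += struct.pack("!IIIII", 1, 7200, 900, 1209600, 3600)
        answer = b"\xc0\x0c" + struct.pack("!HHIH", 6, 1, 3600, len(rdata)) + rdata
    return header + question + answer

def classify(msg):
    """Classify one server's reply to an apex SOA query (assumed rule, see lead-in)."""
    if msg is None:
        return "unreachable"          # timeout: may be transient, not proof of lameness
    if len(msg) < 12 or not msg[2] & 0x80:
        return "malformed"            # truncated header, or QR bit clear (not a response)
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    rcode, aa = flags & 0x000F, bool(flags & 0x0400)
    if rcode == NOERROR and aa and ancount > 0:
        return "authoritative"
    return "lame"                     # REFUSED, SERVFAIL, or non-authoritative data

def revalidate(replies):
    """Split a delegation NS set into servers to keep and servers found lame."""
    verdicts = {ns: classify(msg) for ns, msg in replies.items()}
    keep = sorted(ns for ns, v in verdicts.items() if v == "authoritative")
    lame = sorted(ns for ns, v in verdicts.items() if v == "lame")
    return keep, lame, verdicts

# Constructed scenario: the zone moved operators, the old one is still in the parent NS set.
SAMPLE = {
    "ns1.newop.test.": build_response("example.test", NOERROR, True, True),
    "ns2.newop.test.": None,  # no reply received
    "ns1.oldop.test.": build_response("example.test", REFUSED, False, False),
    "ns2.oldop.test.": build_response("example.test", NOERROR, False, False),
}
```

Unreachable servers are reported separately from lame ones, because a timeout says nothing about whether the server still serves the zone.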