Hi Shumon, > The main recommendations in the draft are to: (1) deterministically > prefer the authoritative child NS set over the non-authoritative, > unsigned, delegating NS set in the parent
This was a problem waiting to be addressed for a long time. Thanks for writing this. For what is worth, we have a recent study[0] that measures how resolvers, in the wild, choose when presented with inconsistent NSSets at parent and child. Higher order bits are: - .com,.org, and .net have 8% of second-level domains with != NSSet at parent/child - We classify the impact of these "misconfigurations" in the wild, with controlled experiments, and show that it impacts how queries are distributed among diff NSes --- and minimum response changes the results - We evaluate specific versions of resolvers /giovane [0] https://www.sidnlabs.nl/downloads/53BNt9EPxZQOCHYjqWhYfR/7295d79a207afc79cab6309d40a15a76/When_parents_and_children_disagree_Diving_into_DNS_delegation_inconsistency.pdf _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
