Hi Shumon, > Do you plan to maintain the parent/child disjoint NS > domain (marigliano.xyz <http://marigliano.xyz>) going forward? And what > about the test > domains for other types of misconfigurations?
Great idea. Let me look into this, will get back to with that. > Did you look at the potential problem of members of the child (or > parent) NS sets emitting different information? I suspect that case > also happens. Yes, section 4 covers this (NSSet parent != NSSet child). We have 4 scenarios, and we always query for the A record of $probeid-$timestamp.marigliano.xyz The trick was to configure different NSes to return different A answers, so we knew which NS answer which query. Is that what you refer? (in the wild, tab1 shows that 2.1M domains in which the A of the NS records from parent and child don't match at all -- that's a diff angle from you question). > Do you have any plans to look at the behavior of the large public > resolvers? That's a good idea, to answer this one, we need to configure the scenarios again. Let me get back to you once I manage to get this setup for other folks to test this too /giovane _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop