[ObDisclaim: I work for the Internet Society, but I'm not speaking for them.]
On Thu, May 21, 2020 at 05:51:37PM -0400, Warren Kumari wrote:
These IPs are only in the ADDITIONAL section - they should not be used as answers.
Are you quite sure they're not getting used as answers though? Are you sure query minimization is on for all cases? If not, you'll ask the parent-side server for the A record and may get an answer, though non-authoritative. The _reason_ you'll get an answer is because of the need for the glue -- it could be that you're asking the question because you didn't have the glue because of TC or something, and so you're coming back and asking explicitly. I know that at least one system that I worked on would definitely respond this way, because under some circumstances it was certainly necessary to be able to give such an answer. The AA bit wasn't set due to the delegation, but you could get the answer by asking for it. A -- Andrew Sullivan a...@anvilwalrusden.com _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
