It appears that Paul Wouters <p...@nohats.ca> said:
>On Tue, 27 Jul 2021, John R Levine wrote:
>
>> Well, OK. How about this?
>>
>> foo.example NS ns.bar.example
>> ns.foo.example AAAA 2001:0DB8:0000:000b::1
>>
>> bar.example NS ns.abc.example
>> ns.bar.example AAAA 2001:0DB8:0000:000b::2
>>
>> abc.example NS ns.def.example
>> ns.abc.example AAAA 2001:0DB8:0000:000b::3
>>
>> def.example NS ns.foo.example
>> ns.def.example AAAA 2001:0DB8:0000:000b::4
>>
>> (I would have gone all the way to ns.xyz.example but it's time for bed here)
>>
>> We don't try to make NS loops work across zones, so I don't see the point of
>> sorta kinda trying to make them work sometimes.
>
>You still miss the point. In the case of def.example needing
>ns.foo.example, the server can just check if it has glue for
>ns.foo.example. It does, so it returns it. It is not going to
>check whether or not this is a silly loop to .xyz.example or
>beyond. There is no point in knowing that. It has an NS record
>pointing to X. It has a glue record for X. So it includes the glue
>record X.

OK, so I ask for foo.example and I get

; answer
foo.example NS ns.bar.example
; additional
ns.bar.example AAAA 2001:0DB8:0000:000b::2

Does it check that's the right value for ns.bar.example? How about with DNSSEC?

I suppose I still don't see the benefit of trying to make some loops work
when we know that we can't make cross-zone loops work.

R's,
John

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
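
Added example, not part of the thread or of any DNS server's code: a small model of the behaviour discussed above, where the parent includes glue for an NS target whenever it holds it and never checks for loops, plus a separate walk that shows the four delegations form a cycle. The function names are hypothetical and the data is the sample from the quoted message.

```python
# Constructed sample: delegations and glue from the quoted message, as the
# parent "example" zone would hold them.
DELEGATIONS = {
    "foo.example": ["ns.bar.example"],
    "bar.example": ["ns.abc.example"],
    "abc.example": ["ns.def.example"],
    "def.example": ["ns.foo.example"],
}
GLUE = {
    "ns.foo.example": "2001:0DB8:0000:000b::1",
    "ns.bar.example": "2001:0DB8:0000:000b::2",
    "ns.abc.example": "2001:0DB8:0000:000b::3",
    "ns.def.example": "2001:0DB8:0000:000b::4",
}

def enclosing_delegation(name):
    """Return the delegated zone that contains name, or None."""
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in DELEGATIONS:
            return candidate
    return None

def referral(qname):
    """NS set plus whatever glue the parent holds for those NS names.
    No loop detection: 'NS points to X, glue exists for X, include X'."""
    zone = enclosing_delegation(qname)
    if zone is None:
        return None
    ns_names = DELEGATIONS[zone]
    additional = {ns: GLUE[ns] for ns in ns_names if ns in GLUE}
    return {"zone": zone, "ns": ns_names, "additional": additional}

def dependency_chain(zone):
    """Follow NS targets zone to zone; returns (chain, loops)."""
    chain = [zone]
    while True:
        nxt = enclosing_delegation(DELEGATIONS[chain[-1]][0])  # one NS per zone here
        if nxt is None:
            return chain, False
        if nxt in chain:
            return chain + [nxt], True
        chain.append(nxt)

if __name__ == "__main__":
    print(referral("foo.example"))
    print(dependency_chain("foo.example"))
```
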