On Jul 28, 2021, at 07:51, Ralf Weber <d...@fl1ger.de> wrote: > On 28 Jul 2021, at 5:10, Paul Wouters wrote:
> >> First, as Mark said, sibling glue is sometimes needed. > It is only needed for broken circular dependancies, which we don’t care about. I tend to agree with this. There are a lot of ways a delegation can be non-functional (for example the circle of dependencies can be as big as you like, can incorporate third cousin twice removed glue, etc) and it makes more sense to me to let all of these cases fail rather than incurring the cost of papering over just some of them in the authority server. As many people have pointed out, recursive servers will often ignore Kaminsky-looking glue anyway, so the result of including it is going to be very much like intermittent failures that are painful to diagnose and have the effect of making the DNS less stable. From this perspective it's a greater kindness to all concerned to fail consistently when such configurations are first deployed. Joe _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
