> What I'm trying to suggest (resolver perspective), is that
> questions of responsibility, ... are not something a resolver
> can or should attempt to determine. All one can attempt to do
> is classify query responses.

Yes, I agree, as far as a recursive resolver is concerned.

However, talking about a "delegation being lame" also revolves
around the domain owner responsibilities, but has the
"resolver-detected" behaviour as background.

>> Hmm, in the response to
>>
>> dig @ns4.bpldns.com. lzd.jshsos.ksyunv5.com. aaaa
>>
>> I think the only real problem is the absence of the "aa" flag in the
>> response, especially since you get it in the response to
>>
>> dig @ns4.bpldns.com. lzd.jshsos.ksyunv5.com. a
>
> Well, one would, in fact, expect a delegation to be a non-authoritative
> answer:

Yes, but one would presume that before any of the two above
queries were sent, the recursive resolver has already cached the
delegation for jshsos.ksyunv5.com. Therefore, posting a question
about a name in that zone to one of the name servers supposedly
serving that zone would be expected to elicit an authoritative
response, and not a non-authoritative delegation response.

Therefore, in this instance, the "lameness" would apparently
depend on the queried-for RR type -- the "A" query response looks
~fine (save for the EDNS0 mis-handling), while the "AAAA", "NS"
or "SOA" ones do not.

>> This smells of a "roll your own" DNS name server implementation which
>> doesn't even correctly implement the required minimum of the DNS
>> standards.
>>
>> Clearly, the name lzd.jshsos.ksyunv5.com exists in the DNS name space
>> (ref. the "a" response), and the name server being queried here should
>> obviously be authoritative for the jshsos.ksyunv5.com zone, so the
>> "aa" flag should be set in the reply to the "aaaa" query.
>
> Definitely, but that's extrinsic knowledge that the resolver can't infer
> from just the current query response.

Well, yes and no, ref. above -- the resolver should already have
the knowledge about the supposed name servers for the zone via
the actual delegation from the parent zone, and getting a non-AA
response from one of the delegated-to name servers would indicate
a problem, and would in my book earn the "lame" label.

>> If I'm not terribly mistaken, this sort of mis-behaviour is all too
>> common among the CDN crowd, and I dearly wish we could stomp it out.
>
> Shall we? Please lead the way!

A couple of questions:

Do we have a spec of what a minimally conformant publishing name
server needs to implement?

And secondly, do we have any inkling whether all or most of these
CDNs use a common codebase, or is it all truly "roll your own"?
And if there is a dominant codebase, do we have an inkling what
it is?

Best regards,

- Håvard

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
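
The check discussed in this message (a server named in the parent's delegation answering without the "aa" flag, possibly for some query types only), sketched as an added example that is not part of the original post. The category names, the helper functions and the sample headers are assumptions constructed for illustration; only the 12-byte DNS header is inspected, so the owner names in the authority section are not compared.

```python
import struct

QR, AA = 0x8000, 0x0400  # header flag bits (RFC 1035, section 4.1.1)

def header(flags, ancount=0, nscount=0, qdcount=1, arcount=0, ident=0x1234):
    """Build a 12-byte DNS header; used only to construct sample input."""
    return struct.pack("!6H", ident, flags, qdcount, ancount, nscount, arcount)

def classify(msg: bytes) -> str:
    """Classify a response from a server the parent zone delegates to."""
    if len(msg) < 12:
        return "malformed"
    _, flags, _, ancount, nscount, _ = struct.unpack("!6H", msg[:12])
    rcode = flags & 0x000F
    if not flags & QR:
        return "not-a-response"
    if rcode not in (0, 3):            # anything but NOERROR / NXDOMAIN
        return "error-rcode"
    if flags & AA:
        if rcode == 3:
            return "authoritative-nxdomain"
        return "authoritative-answer" if ancount else "authoritative-nodata"
    # No AA bit, although the server is listed in the delegation.
    if ancount == 0 and nscount > 0:
        return "non-aa-referral"
    return "non-aa-other"

def lame_qtypes(responses: dict) -> list:
    """Query types for which the delegated server did not answer with AA."""
    return sorted(q for q, m in responses.items()
                  if classify(m).startswith("non-aa"))

# Constructed sample headers (not captured traffic), shaped like the case in
# the thread: AA set for the A query, AA missing for AAAA, NS and SOA.
SAMPLE = {
    "A":    header(QR | AA, ancount=1),
    "AAAA": header(QR, nscount=2),
    "NS":   header(QR, nscount=2),
    "SOA":  header(QR, nscount=2),
}

if __name__ == "__main__":
    for qtype, msg in SAMPLE.items():
        print(f"{qtype:5} {classify(msg)}")
    print("non-AA for:", lame_qtypes(SAMPLE))
```
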