>> "A lame delegation is said to exist when one or more authoritative >> servers designated by the delegating NS RRset or by the child's apex >> NS RRset answers non-authoritatively [or not at all] for a zone". >> >> ... without the "or not at all" part (so, an answer is required for >> "lameness").
I'm agreeing with the above, and think it is a precise description of the term under discussion. > I don't think that is complete. I disagree. > If all the parental NS records point to properly working > nameservers, but the authoritative nameservers claim an > additional NS record, I would also call the delegation > lame. In that case (and no other conditions given), I would simply call the delegation inconsistent. As has been said elsewhere, many recursors will let the NS RRset from one of the authoritative name servers for the child zone override the NS RRset received from one of the name servers of the parent zone. However, at this point in the description, the "additional" name server *could* be have been configured to serve the zone, and nothing untoward would happen operationally as a result. However, the delegation would still be inconsistent. > Especially if that additional nameserver specified in the > authoritative NS RRset is responding non-authoritatively. Then that response will be an indication that the delegation to that name server would be characterized as being "lame" (even though the corresponding NS record doesn't come from the parent zone; this is covered by the quoted text above). > This might not be lame on the initial queries, but if the > resolver is child centric or validating, that broken > authoritative NS will end up getting queried and a lame answer > would be given. Correct. > How about: > > "A lame delegation is said to exist when the NS RRset of a zone is > different at the parent and child nameservers, with the mismatched > authoritative servers either listed at the parent or child answering > non-authoritatively for that zone." I don't think this is a good definition because to me this over- focuses on the "inconsistent" aspect, and it is not so that every inconsistent delegation includes an instance of a lame delegation. On the other hand, you can have a perfectly consistent delegation (NS RRsets from parent and child zone are identical), but still have an instance of a lame delegation because one of the delegated-to name servers answers non-authoritatively for the zone in question. I think the quoted definition at the top of this message more precisely describes my perception of the term. And, yes, I think that you need to get a (non-authoritative) response in order to say that the delegation of a given zone to a given name server is lame. Regards, - HÃ¥vard _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
