On 2/1/24 13:55, Havard Eidnes wrote:
>>> Stupid question time:
>>>> The target of a DELEG alias cannot be stored in the child
>>>> zone. It would not resolve if you do.
>>> Doesn't this mean that we can never get to an environment where
>>> there only exists DELEG records and no NS records, and still have
>>> a working DNS?
>> DELEG records can contain IP addresses so they can replace NS+glue.
> OK, then I don't understand the reasoning behind the claim in the
> innermost quote above. What, then, exactly, prevents you from
> using a target of the DELEG record into the child zone, if it can
> be made equivalent to NS+glue?

The impossibility is only in DELEG alias mode: When used in SVCB-style alias
mode, the record doesn't carry any extra key-value pairs, so you can't include
the IP address hints.
The result would be comparable to a glueless in-bailiwick delegation, leaving
the resolver clueless as to how to proceed ...
Best,
Peter
--
https://desec.io/
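
Added example, not part of the message above and not taken from the DELEG draft: a simplified Python model of what a resolver can do with each kind of delegation, including the glueless in-bailiwick dead end described in the reply. The record fields, the `DELEG-service`/`DELEG-alias` labels and all zone, host and address values are constructed assumptions, not the DELEG wire or presentation format.

```python
from dataclasses import dataclass, field

@dataclass
class Delegation:
    kind: str        # "NS", "DELEG-service" or "DELEG-alias" (labels assumed)
    target: str      # name server name, or alias target
    addr_hints: list = field(default_factory=list)   # glue or IP hints

def in_bailiwick(name: str, zone: str) -> bool:
    """True if `name` is at or below `zone` (absolute, lower-case names)."""
    return name == zone or name.endswith("." + zone)

def server_addresses(child: str, d: Delegation, elsewhere: dict) -> list:
    """Addresses the resolver can use to reach `child`; [] means it is stuck.

    `elsewhere` stands in for names that resolve without touching `child`.
    """
    if d.kind == "DELEG-alias" and d.addr_hints:
        # Alias mode carries no key-value pairs, hence no address hints.
        raise ValueError("alias mode cannot carry address hints")
    if d.addr_hints:
        return list(d.addr_hints)       # NS+glue, or DELEG with IP hints
    if in_bailiwick(d.target, child):
        # The target's address lives in the zone we are trying to reach:
        # the glueless in-bailiwick case, nothing to bootstrap from.
        return []
    return list(elsewhere.get(d.target, []))

CHILD = "example.org."                                  # constructed zone
ELSEWHERE = {"ns1.provider.example.": ["192.0.2.53"]}   # constructed data

CASES = {
    "NS + glue": Delegation("NS", "ns1.example.org.", ["192.0.2.1"]),
    "NS, glueless in-bailiwick": Delegation("NS", "ns1.example.org."),
    "DELEG with IP hints":
        Delegation("DELEG-service", "ns1.example.org.", ["192.0.2.1"]),
    "DELEG alias into child": Delegation("DELEG-alias", "ns1.example.org."),
    "DELEG alias outside child":
        Delegation("DELEG-alias", "ns1.provider.example."),
}

def run_cases() -> dict:
    """Map each case name to the addresses the resolver ends up with."""
    return {n: server_addresses(CHILD, d, ELSEWHERE) for n, d in CASES.items()}

if __name__ == "__main__":
    for name, addrs in run_cases().items():
        print(f"{name:28} -> {addrs or 'UNRESOLVABLE'}")
```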