Thanks for the reference Gio (and Raffaele who also pointed this out to me),
We're citing your paper now in our work-in-progress copy (see https://github.com/shuque/ns-revalidation/commit/5e52689 ), so it will be part of the next version.
-- Willem Op 08-07-2024 om 12:55 schreef Giovane C. M. Moura:
Hi Willem,We've got a peer-reviewed reference[0] that can help back up some of the claims in the draft.``` 2. Motivation There is wide variability in the behavior of deployed DNS resolvers today with respect to how they process delegation records. Some of them prefer the parent NS set, some prefer the child, and for others, what they preferentially cache depends on the dynamic state of queries and responses they have processed. ```Section 4 in [0] covers a bunch of such cases with Ripe Atlas, and we see just that, and section 5 evaluate some resolver software individually. In short: it backs up what you say``` The delegation NS RRset at the bottom of the parent zone and the apex NS RRset in the child zone are unsynchronized in the DNS protocol. Section 4.2.2 of [RFC1034] says "The administrators of both zones should insure that the NS and glue RRs which mark both sides of the cut are consistent and remain so. ```We found 13M of domains having parent/child NSSet inconsistency, from .com, .org, and .net, which amounts to 8% of the total.thanks, /giovane _______________________________________________ DNSOP mailing list -- dnsop@ietf.org To unsubscribe send an email to dnsop-le...@ietf.org
OpenPGP_0xE5F8F8212F77A498_and_old_rev.asc
Description: OpenPGP public key
OpenPGP_signature.asc
Description: OpenPGP digital signature
_______________________________________________ DNSOP mailing list -- dnsop@ietf.org To unsubscribe send an email to dnsop-le...@ietf.org
