[nsd-users] Records below delegation point

Peter Koch pk at denic.de
Sat Mar 28 05:25:13 UTC 2009

On Fri, Mar 27, 2009 at 01:53:26PM +0100, K Storbeck wrote:

> I'm unsure if this should be considered a bug.

it probably should. "Verbosely ignoring" the extraneous information
would be desirable IMHO.

> It could be perfectly ok for foo.example and bar.example to delegate  
> sub.child back to your original "ns1" and "ns2", or directly to  

Not really. It's not upon name servers to make these delegations, it's
something that comes from within the (parent) zone. So, it would be
perfect if there were a delegation of sub.child.zone.tld within the
child.zone.tld zone.  However, this information does not belong into
the zone.tld zone, simply because it has no authority beyond its zone

> It saves most resolvers an extra hop they needn't to bother about.  

If these were of concern, one could set up stealth slaves for the
child zones at the name servers authoritative for the parent.  However,
with DNSSEC, you'd need the extra hops once again to verify the whole
key chain.  And that's a feature, too.


More information about the nsd-users mailing list