[nsd-users] Records below delegation point

Peter Koch pk at denic.de
Sat Mar 28 05:25:13 UTC 2009


On Fri, Mar 27, 2009 at 01:53:26PM +0100, K Storbeck wrote:

> I'm unsure if this should be considered a bug.

It probably should. "Verbosely ignoring" the extraneous information
would be desirable IMHO.

> It could be perfectly ok for foo.example and bar.example to delegate  
> sub.child back to your original "ns1" and "ns2", or directly to  

Not really. It's not up to name servers to make these delegations, it's
something that comes from within the (parent) zone. So, it would be
perfect if there were a delegation of sub.child.zone.tld within the
child.zone.tld zone.  However, this information does not belong in
the zone.tld zone, simply because it has no authority beyond its zone
cuts.

> It saves most resolvers an extra hop they needn't bother about.

If these were of concern, one could set up stealth slaves for the
child zones at the name servers authoritative for the parent.  However,
with DNSSEC, you'd need the extra hops once again to verify the whole
key chain.  And that's a feature, too.

-Peter
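
The zone-cut rule discussed in this message can be checked mechanically before a zone is loaded. The following is an added example, not part of the original post and not NSD code: it reports records in a parent zone that lie at or below a delegation point and are neither the delegation itself (NS, DS) nor glue. The record tuples, names and addresses are constructed sample data, and `find_occluded` is a hypothetical helper.

```python
GLUE_TYPES = {"A", "AAAA"}      # address records allowed below a cut as glue
AT_CUT_TYPES = {"NS", "DS"}     # what the parent may hold at the cut itself

def norm(name):
    return name.rstrip(".").lower()

def is_subdomain(name, parent, strict=False):
    n, p = norm(name).split("."), norm(parent).split(".")
    if n[-len(p):] != p:
        return False
    return len(n) > len(p) if strict else True

def find_occluded(origin, records):
    """Return (owner, type, cut) for records the parent has no authority over."""
    ns = [(norm(o), norm(d)) for o, t, d in records if t == "NS"]
    cuts = {o for o, _ in ns if is_subdomain(o, origin, strict=True)}
    # Only the topmost cut counts; an NS set below it is itself occluded.
    top = {c for c in cuts
           if not any(is_subdomain(c, o, strict=True) for o in cuts)}
    glue_names = {d for o, d in ns if o in top}
    occluded = []
    for owner, rtype, _rdata in records:
        cut = next((c for c in top if is_subdomain(owner, c)), None)
        if cut is None:
            continue                      # authoritative data of the parent
        at_cut = norm(owner) == cut
        if at_cut and rtype in AT_CUT_TYPES:
            continue                      # the delegation itself
        if not at_cut and rtype in GLUE_TYPES and norm(owner) in glue_names:
            continue                      # glue for the delegation's servers
        occluded.append((owner, rtype, cut))
    return occluded

# Constructed sample contents of the zone.tld zone.
ORIGIN = "zone.tld"
RECORDS = [
    ("zone.tld", "SOA", "ns1.zone.tld. hostmaster.zone.tld. 1 3600 900 604800 300"),
    ("zone.tld", "NS", "ns1.zone.tld"),
    ("ns1.zone.tld", "A", "192.0.2.1"),
    ("child.zone.tld", "NS", "ns.child.zone.tld"),
    ("child.zone.tld", "DS", "constructed-ds-rdata"),
    ("ns.child.zone.tld", "A", "192.0.2.53"),
    ("sub.child.zone.tld", "NS", "ns1.zone.tld"),   # delegation below the cut
    ("www.child.zone.tld", "A", "192.0.2.80"),      # child data in the parent
    ("child.zone.tld", "MX", "10 mail.zone.tld"),   # non-delegation data at cut
]

if __name__ == "__main__":
    for owner, rtype, cut in find_occluded(ORIGIN, RECORDS):
        print(f"ignoring {owner} {rtype}: at or below zone cut {cut}")
```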


