If the servers of the daughter zone return a minimal answer, which is legal, then the resolver will not even see the NS records of the zone.

1. The resolver gets a request for "www.house.xa. A" and has the NS incl. IP addresses for xa.
2. The resolver sends a request for "www.house.xa. A" to an .xa NS.
3. The .xa NS returns a referral to the NS of house.xa.
4. The resolver sends a request for "www.house.xa. A" to a house.xa NS.
5. The house.xa NS returns a minimal answer with "www.house.xa. A 192.0.2.50" in the answer section and no other DNS records.

To force the use of NS from the zone the DNS protocol has to be rewritten, and if that is done, why not remove the NS from the zone and make them authoritative records of the parent?

Mats

--
---
Mats Dufberg
[email protected]
Technical Expert
Internetstiftelsen (The Swedish Internet Foundation)
Mobile: +46 73 065 3899
https://internetstiftelsen.se/

On 05/06/2021, 13:44, "dns-operations on behalf of A. Schulze" <[email protected] on behalf of [email protected]> wrote:

    On 04.06.21 at 17:52, A. Schulze wrote:

    > So I wonder, why do so many resolvers [1] obviously do only follow a delegation and ignore authoritative data?

    Is "being client centric" a candidate for a "dns-flag-day-2022"?

    Consider .com like to intercept gmail.com. Changing the delegation in .com would be enough. Really?

    Andreas

_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
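
The five-step exchange described in the message above, modelled as an added example that is not part of the original post. The zone contents, the server and function names, and the child apex NS set that differs from the delegation are all constructed sample data; only "www.house.xa. A 192.0.2.50" comes from the message.

```python
# Constructed model of the five steps; not a real DNS stack.
# Delegation NS set as held by the xa. servers (sample data).
PARENT_DELEGATION = {"house.xa.": ["ns1.house.xa.", "ns2.house.xa."]}
# Child zone data; its own apex NS set is assumed to differ from the delegation.
CHILD_ZONE = {
    ("house.xa.", "NS"): ["ns1.house.xa.", "ns3.house.xa."],
    ("www.house.xa.", "A"): ["192.0.2.50"],
}

def parent_server(qname, qtype):
    """xa. server: not authoritative below the zone cut, so it returns a referral."""
    for cut, names in PARENT_DELEGATION.items():
        if qname.endswith(cut):
            return {"aa": False, "answer": [],
                    "authority": [(cut, "NS", n) for n in names]}
    return {"aa": True, "answer": [], "authority": []}

def child_server(qname, qtype, minimal=True):
    """house.xa. server: authoritative answer; a minimal response omits the apex NS."""
    answer = [(qname, qtype, v) for v in CHILD_ZONE.get((qname, qtype), [])]
    authority = [] if minimal else [
        ("house.xa.", "NS", n) for n in CHILD_ZONE[("house.xa.", "NS")]]
    return {"aa": True, "answer": answer, "authority": authority}

def resolve(qname, qtype, minimal=True):
    """Steps 2-5: follow the referral, query the child, log each NS set seen."""
    seen_ns = []
    referral = parent_server(qname, qtype)               # steps 2 and 3
    names = sorted(r[2] for r in referral["authority"] if r[1] == "NS")
    seen_ns.append(("parent-referral", names))
    reply = child_server(qname, qtype, minimal)          # steps 4 and 5
    names = sorted(r[2] for r in reply["authority"] if r[1] == "NS")
    if names:                                            # empty for a minimal answer
        seen_ns.append(("child-authoritative", names))
    return [r[2] for r in reply["answer"]], seen_ns

if __name__ == "__main__":
    for minimal in (True, False):
        print("minimal =", minimal, resolve("www.house.xa.", "A", minimal))
```

With `minimal=True` the only NS set the resolver ever holds is the one from the parent's referral; the child's own NS set appears only when the child chooses to include it.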
