> Hmm, you're right, IF the A records are accepted in the additional section, > true, A records could be added to the RRSET for some of the names. > But frankly speaking, thats "ADDITIONAL", and shouldn't really be accepted at > all, and if the resolver DOES cache it, I'd personally call it a bug.
It may be a bug, but I suspect many existing resolvers will use it. For the priming query, a resolver has to accept glue, it's the purpose of the query ( and a special case ). It might be considered a bug for glue to be sent with a response that is not a referral, except for the priming query. The main (only?) reason for sending the NS RRset in an Authoritative response ( other than as a direct answer to the question ) is in case the client has not yet discovered the zone ( because it's a child zone is hosted on the same server ), and in this case, glue is not required, let alone signed glue. However it could be considered a valid optimization, and it's what most existing implementations seem to do. Anyway, do we yet agree that 1450 is the best default for max-udp-size, and that higher values are dangerous? _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop