> On 25 Feb 2015, at 08:58, Stephane Bortzmeyer <bortzme...@nic.fr> wrote: > > I'm not sure they appear in a RFC. They are commonly used (see for > instance <https://mex.icann.org/ar/file/22921/download/23075>) when > discussing resolvers' behaviour. > > Let me suggest: > > Child-centric resolver: a DNS resolver which will replace, in its > memory, the NS RRset and glue records obtained from the parent, by > data from the authoritative servers of the zone they belong to. This > is the proper behaviour. > > Parent-centric resolver: a DNS resolver which will keep in memory the > NS RRset and glue records obtained from the parent, despite the fact > it is non-authoritative. This is bad practice.
This is my understanding of the terms too. However in the child-centric case this can cause problems when the NS set held by the parent changes (i.e. the zone is redelegated) but the NS set in the old set of servers isn't also updated. Such a child-centric resolver may completely fail to notice the redelegation. Olafur has done a lot of work categorising this behaviour - the above is similar to slide 4 in his deck from your link, but doesn't even require DNSSEC for it to be a problem. Ray _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
