At Wed, 10 Jan 2018 17:05:00 -0800, Ólafur Guðmundsson <ola...@cloudflare.com> wrote:
> > That is, it answers as if it is authoritative and the DS record does > > not exist. DS-aware recursive nameservers will query the parent zone > > at delegation points, so will not be affected by this. > > > I hate having my own RFC thrown at me, > but it may or may not apply as there is another corner case that I/WG did > not consider, > what if the NameServer is authoritative for a zone above the parent. > In this case it has to select does it answer from the closest zone that can > answer DS record or > from the zone it self. > > In the spirit of being helpful to recursive resolvers the right answer IMHO > is the referral from the > zone above the query name. I'm not sure if I understand you so please let me be more explicit. Are you talking about the so-called grandparent problem case, like the case of this thread? >> The root servers are authoritative for root-servers.net. and for . , but not >> for net and, when this server gets a query for root-servers.net/DS, it should return a referral to net instead of NODATA answer? (If so, I'm confused about what you said above "another corner case that I/WG did not consider", since 2.2.1.2 of RFC3658 actually talks about that corner case). -- JINMEI, Tatuya _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
