Here's one example, 0124.org, which has five in-domain name servers with glue:

You're right, that's what it does but it also seems seriously wrong.

$ for sz in `seq 604 16 700`; do echo -n "BUFSIZE $sz " ; dig +norec +ignore +dnssec +bufsize=$sz @199.19.57.1 0124.org | grep ';; flags:' ; done
BUFSIZE 604 ;; flags: qr tc; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
BUFSIZE 620 ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 9, ADDITIONAL: 1

This domain has five NS, but the client only has the IP address of the first one. If that first one doesn't respond, what happens? It can't query any of the others because it doesn't have any of the addresses and it doesn't have any way to ask for them.

What's the point of having more than one NS if clients can only find one of them?

Regards,
John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
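
Added example, not part of the original message: a Python check that reads dig-style referral output and lists the in-domain name servers that arrived without an address record while TC was clear, which is the situation described above. The sample referral, the example.org names, the 192.0.2.1 address and the function names are constructed for illustration.

```python
import re

# Constructed dig-style referral: five in-domain NS, glue for only the first, TC clear.
SAMPLE = """\
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 5, ADDITIONAL: 2
;; AUTHORITY SECTION:
example.org.      86400 IN NS ns1.example.org.
example.org.      86400 IN NS ns2.example.org.
example.org.      86400 IN NS ns3.example.org.
example.org.      86400 IN NS ns4.example.org.
example.org.      86400 IN NS ns5.example.org.
;; ADDITIONAL SECTION:
ns1.example.org.  86400 IN A  192.0.2.1
"""

def parse_referral(text):
    """Return (header flags, NS target names, names that have A/AAAA records)."""
    flags, ns, glued = set(), set(), set()
    for line in text.splitlines():
        m = re.match(r";; flags:([^;]*);", line)
        if m:
            flags = set(m.group(1).split())
            continue
        fields = line.split()
        if line.startswith(";") or len(fields) < 5:
            continue  # comments, section banners, blank lines
        owner, rtype, rdata = fields[0].lower(), fields[3].upper(), fields[4].lower()
        if rtype == "NS":
            ns.add(rdata)
        elif rtype in ("A", "AAAA"):
            glued.add(owner)
    return flags, ns, glued

def missing_glue(text, zone):
    """Return (tc_set, in-domain NS names the referral gives no address for)."""
    apex = zone.lower().rstrip(".") + "."
    flags, ns, glued = parse_referral(text)
    # Only in-domain servers need glue; out-of-domain names resolve elsewhere.
    in_domain = {n for n in ns if n == apex or n.endswith("." + apex)}
    return "tc" in flags, sorted(in_domain - glued)

if __name__ == "__main__":
    tc, missing = missing_glue(SAMPLE, "example.org")
    print("TC set:", tc, "| in-domain NS without glue:", missing)
```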
