On Wednesday, 1 July 2020 09:41:49 UTC Jan Včelák wrote: > ... > > We just opened this discussion internally at NS1 because we serve some > zones with more than 10 NS records where each NS requires glue and our > proprietary server by design adds glue only for the first four NS > records. We are discussing if this is correct behavior if it needs to > be revisited.
i think if you're using round robin or random selection, a subset is fine. if we had to codify this practice, i'd ask that at least two address records of each available kind be included (so, two AAAA's, two A's) or else set TC=1. > I also think there is another proprietary implementation of an > authoritative server in the wild which implements similar policy. It > picks a small random subset of the NS records and adds A/AAAA just for > these names. If the QNAME matches a name in the NS, A/AAAA for that NS > is always included. I find this pretty smart. RRsets shall not be divided. either send all the NS records, or none (TC=1). -- Paul _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
