In article <9056955.dJ39pTEj9z@linux-9daj> you write: >On Wednesday, 1 July 2020 09:41:49 UTC Jan Včelák wrote: >> We just opened this discussion internally at NS1 because we serve some >> zones with more than 10 NS records where each NS requires glue and our >> proprietary server by design adds glue only for the first four NS >> records. We are discussing if this is correct behavior if it needs to >> be revisited. > >i think if you're using round robin or random selection, a subset is fine. if >we had to codify this practice, i'd ask that at least two address records of >each available kind be included (so, two AAAA's, two A's) or else set TC=1.
I really don't like this. If you do that, you're going to have failures when there are working servers but none of their addresses happen to be in the glue subset in the response, and without TC=1 there's no hint that there's more glue if you retry. If a response with TC=1 has at least one record in the additional section, that tells the client that the missing records are all glue. So I think it would be OK in that case for the client to use what it's got, but remember that if it can't contact any of the NS with the A/AAAA it's got, it can go back and get the rest. Remember, if it's glue, there's no other way to get it. If it's worth returning glue at all, it's worth providing all of it. R's, John _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
