On Wed, 28 Jul 2021, Joe Abley wrote:
Do you want dns servers to spend extra CPU power to lookup whether this is a
“non-functional” glue case instead of spending less CPU just looking if it has
a glue record and adding it?
I'm not sure I understand your argument about what is more work for the
authority server.
Checking whether a referral targets nameservers whose owner name is below the
zone cut seems straightforward.
If the zone example contains amongst other content:
foo.example. IN NS ns0.foo.example.
foo.example. IN NS ns0.bar.example.
ns0.foo.example. IN A 1.2.3.4
ns0.bar.example. IN A 1.2.3.5
Then for the DNS server returning an NS query for foo.example, it is
easy to either:
1) return ns0.foo.example's A record
or
2) return ns0.foo.example and ns0.bar.example. A records`
What is harder to do is determining whether it should or should not
include ns0.bar.example's A record based on whether it is "needed" or
not, as there are various kinds of loops possible.
This is work that authority-only servers already do.
I think I agree, that auth-only servers already do 1) or 2)
I don't see where the "extra CPU power" you are talking about comes from.
To determine if the glue you know you have is "needed or not".
Paul
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
