On 5/1/23 23:22, Paul Vixie wrote:
to be a lame _delegation_ means some error or misconfiguration in the server. normally this means it's supposed to be authoritative but the zone expired or the operator forgot or similar.
This, so far, was my understanding of the definition that was given in the other thread, and which Benno labeled (2) in the original post of this thread: "A lame delegation is said to exist when one or more authoritative servers designated by the delegating NS RRset or by the child's apex NS RRset answers non-authoritatively [or not at all] for a zone". ... without the "or not at all" part (so, an answer is required for "lameness").
or there is no server there any more (it was decomm'd or renumbered). icmp host-unreach or port-unreach would be symptoms of that, if you can hear them.
"Responses" like "unreachable" are not answers in the DNS sense. Are they meant to be included in "answer[ing] non-authoritatively" in the definition above, or is "answers non-authoritatively" restricted to DNS anwers (e.g. REFUSED)?
if we need more terms let's invent.
Without asking to invent a term if none exists, I'd like to learn how to call a delegation that points to an NS hostname that does not have an address record (verifiably, e.g. denied by a DNSSEC negative response). Before the discussion, I thought this qualifies as "lame" (because you can tell from the response that there's no DNS service; it's not a timeout), but with the above definition, it can't be called "lame". Thanks, Peter -- https://desec.io/ _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
