Why do some parent NSs "lie" about delegation records?
LConrad at Go2France.com
Wed Jan 7 13:45:33 UTC 2004
> > Len
> Len the "honest" answer above is a lie. The parent has
> glue NS records.
It "has" them (in its zone file and zone data), and so ANSWERs with them.
(I don't care what they are called ("glue NS" in the parent NS or "zone
data" in the auth DNS), (and of course I know what delegation and glue
records are (vs zone data), and which NS has them).
>The real NS records for the zone are those from the child zone.
(this point is beside the point of my "lie" question: the zone NS records
are locally administered and in practice NOT as credible, are prone to
local admin errors than are the parent NS glue records, which have been
"filtered" through "host registration" process to arrive at the registry
and into the parent NSs. While technically, the auth DNS answers 'aa' for
the NS query, in practice the non 'aa' NS records received the zone parent
are more accurate, and predominantly the records actually used by resolvers)
My questions remain: why the different behaviors and is there a BIND param
for the behavior?
http://MenAndMice.com/DNS-training : London; San Jose; Chicago
http://IMGate.MEIway.com : free anti-spam gateway, runs on 1000's of sites
More information about the bind-users