Why do some parent NSs "lie" about delegation records?

Len Conrad LConrad at Go2France.com
Wed Jan 7 13:45:33 UTC 2004

> > Len
>         Len the "honest" answer above is a lie.  The parent has
>         glue NS records.

It "has" them (in its zone file and zone data), and so ANSWERs with them.

(I don't care what they are called ("glue NS" in the parent NS or "zone 
data" in the auth DNS), (and of course I know what delegation and glue 
records are (vs zone data), and which NS has them).

>The real NS records for the zone are those from the child zone.

(this point is beside the point of my "lie" question: the zone NS records 
are locally administered and in practice NOT as credible, are prone to 
local admin errors than are the parent NS glue records, which have been 
"filtered" through "host registration" process to arrive at the registry 
and into the parent NSs.  While technically, the auth DNS answers 'aa' for 
the NS query, in practice the non 'aa' NS records received the zone parent 
are more accurate, and predominantly the records actually used by resolvers)

My questions remain: why the different behaviors and is there a BIND param 
for the behavior?


http://MenAndMice.com/DNS-training : London; San Jose; Chicago
http://IMGate.MEIway.com : free anti-spam gateway, runs on 1000's of sites

More information about the bind-users mailing list