Stealth NS records

Darcy Kevin (FCA) kevin.darcy at
Tue Apr 3 21:42:08 UTC 2018

"Stealth" implies something that isn't seen in the normal course of activity, so it's really the *wrong* word to use here, since the apex NS records are seen during normal iterative resolution, and in fact the apex NS records take precedence over the delegated NS records in the sense of RFC 2181 data-ranking. So, to call them "stealth" seems mistaken, and misleading.

A better term than "stealth NS" would be "mismatched NS". From an integrity-check perspective, IMO the mismatch condition should be flagged as questionable if the apex NS records are a superset of the delegated ones, and worrisome if completely disjoint.

															- Kevin

-----Original Message-----
From: bind-users <bind-users-bounces at> On Behalf Of Matus UHLAR - fantomas
Sent: Friday, March 30, 2018 4:27 AM
To: bind-users at
Subject: Re: Stealth NS records

On 30.03.18 15:44, PANG J. wrote:
>I saw a zone check on shows,
>Stealth NS records were sent:
>So what's a stealth NS record?

maybe I could explain more deeply if you have sent the domain.

Matus UHLAR - fantomas, uhlar at ;
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux IS user friendly, it's just selective who its friends are...
Please visit to unsubscribe from this list

bind-users mailing list
bind-users at

More information about the bind-users mailing list