Stealth NS records
Darcy Kevin (FCA)
kevin.darcy at fcagroup.com
Tue Apr 3 21:42:08 UTC 2018
"Stealth" implies something that isn't seen in the normal course of activity, so it's really the *wrong* word to use here, since the apex NS records are seen during normal iterative resolution, and in fact the apex NS records take precedence over the delegated NS records in the sense of RFC 2181 data-ranking. So, to call them "stealth" seems mistaken, and misleading.
A better term than "stealth NS" would be "mismatched NS". From an integrity-check perspective, IMO the mismatch condition should be flagged as questionable if the apex NS records are a superset of the delegated ones, and worrisome if completely disjoint.
From: bind-users <bind-users-bounces at lists.isc.org> On Behalf Of Matus UHLAR - fantomas
Sent: Friday, March 30, 2018 4:27 AM
To: bind-users at lists.isc.org
Subject: Re: Stealth NS records
On 30.03.18 15:44, PANG J. wrote:
>I saw a zone check on intodns.com shows,
>Stealth NS records were sent:
>So what's a stealth NS record?
maybe I could explain more deeply if you have sent the domain.
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux IS user friendly, it's just selective who its friends are...
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
bind-users mailing list
bind-users at lists.isc.org
More information about the bind-users