Jan Včelák wrote:
- We have decided to remove NS record from the Authority section for NOERROR
responses. We used to put these records there because BIND and NSD did it.
But these records are not required by any RFC and just increase the size of
the response.

Hi,
It looks like this code has just been deleted. I wonder if it could
instead be made into a tunable, defaulted to off? Maybe even with the
conditional wrapped in unlikely().
I can certainly see how apex NS records in the authority section is not
particularly useful for root or TLD servers, but it's occasionally
useful for "leaf" zones to speed up the propagation of updated NS
records, due to the trust ranking rules in RFC 2181 §5.4.1.
I also know of at least one more DNS server (rbldnsd) that has this
behavior as a tunable run-time option.
--
Robert Edmonds
edmonds(a)debian.org