Hello Robert,

Robert Edmonds wrote:
> Jan Včelák wrote:
>> - We have decided to remove NS records from the Authority section for
>>   NOERROR responses. We used to put these records there because BIND and
>>   NSD did it. But these records are not required by any RFC and just
>>   increase the size of the response.
>
> It looks like this code has just been deleted. I wonder if it could
> instead be made into a tunable, defaulted to off? Maybe even with the
> conditional wrapped in unlikely().

Yes, the code was deleted.

> I can certainly see how apex NS records in the authority section are not
> particularly useful for root or TLD servers, but it's occasionally
> useful for "leaf" zones to speed up the propagation of updated NS
> records, due to the trust ranking rules in RFC 2181 §5.4.1.

I haven't thought about this. This might indeed be useful. On the other
hand, why NS and not any other RR type? I think this is really single
purposed and I'm not convinced (at the moment) that this is worthy of
adding an option.

My DNS operational experience is quite limited in this area. Can anyone
confirm that this use case is really valid?

Best Regards,
Jan
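
The RFC 2181 §5.4.1 trust ranking mentioned in the thread, as an added example that is not part of the original message or of Knot DNS: a toy resolver cache showing how an apex NS set in the authority section of an authoritative answer displaces the NS set learned from a parent referral. The zone names, addresses, `Cache` and `simulate` are constructed for illustration; TTLs are ignored, and replacing data of equal rank is an assumption of this sketch.

```python
from enum import IntEnum

class Rank(IntEnum):
    """Resolver-relevant subset of RFC 2181 §5.4.1; higher is more trustworthy."""
    NONAUTH_AUTHORITY_OR_ADDITIONAL = 1   # e.g. NS set in a parent's referral
    NONAUTH_ANSWER = 2
    AUTH_AUTHORITY = 3                    # authority section, AA bit set
    AUTH_ANSWER = 4                       # answer section, AA bit set

def rank(section: str, aa: bool) -> Rank:
    if section == "answer":
        return Rank.AUTH_ANSWER if aa else Rank.NONAUTH_ANSWER
    if section == "authority" and aa:
        return Rank.AUTH_AUTHORITY
    return Rank.NONAUTH_AUTHORITY_OR_ADDITIONAL

class Cache:
    def __init__(self):
        self.rrsets = {}                  # (owner, type) -> (Rank, rdata set)

    def offer(self, owner, rtype, rdata, section, aa):
        """Cache an RRset unless more trustworthy data is already held."""
        new = rank(section, aa)
        held = self.rrsets.get((owner, rtype))
        if held and held[0] > new:
            return False                  # lower-ranked data never replaces
        self.rrsets[(owner, rtype)] = (new, frozenset(rdata))
        return True

    def lookup(self, owner, rtype):
        held = self.rrsets.get((owner, rtype))
        return set(held[1]) if held else None

OLD_NS = {"ns1.old.example.", "ns2.old.example."}   # constructed sample data
NEW_NS = {"ns1.new.example.", "ns2.new.example."}

def simulate(apex_ns_in_authority: bool):
    """Return the NS set a resolver holds for example.org. after one A query."""
    cache = Cache()
    # 1. Referral from the parent, which still lists the old name servers.
    cache.offer("example.org.", "NS", OLD_NS, "authority", aa=False)
    # 2. Authoritative NOERROR answer from the child for www.example.org. A.
    cache.offer("www.example.org.", "A", {"192.0.2.10"}, "answer", aa=True)
    if apex_ns_in_authority:
        cache.offer("example.org.", "NS", NEW_NS, "authority", aa=True)
    # 3. A later referral with the stale set must not displace better data.
    cache.offer("example.org.", "NS", OLD_NS, "authority", aa=False)
    return cache.lookup("example.org.", "NS")
```

With the apex NS set omitted from the response, the cache keeps the parent's set until it expires or the resolver queries the child for NS explicitly.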