[knot-dns-users] minimal responses (was: Re: Knot DNS 2.0.1 patch release)

Robert Edmonds edmonds at debian.org
Wed Sep 2 19:17:47 CEST 2015


Jan Včelák wrote:
> - We have decided to remove NS record from the Authority section for NOERROR
>   responses. We used to put these records there because BIND and NSD did it.
>   But these records are not required by any RFC and just increase the size of
>   the response.

Hi,

It looks like this code has just been deleted.  I wonder if it could
instead be made into a tunable, defaulted to off?  Maybe even with the
conditional wrapped in unlikely().

I can certainly see how apex NS records in the authority section is not
particularly useful for root or TLD servers, but it's occasionally
useful for "leaf" zones to speed up the propagation of updated NS
records, due to the trust ranking rules in RFC 2181 §5.4.1.

I also know of at least one more DNS server (rbldnsd) that has this
behavior as a tunable run-time option.

-- 
Robert Edmonds
edmonds at debian.org
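
The RFC 2181 §5.4.1 ranking effect mentioned in the message above, as an added example that is not part of the original post or of Knot DNS: a simplified resolver-cache model in which NS records from the authority section of an authoritative answer outrank the NS set learned from a parent referral. The zone names, addresses, TTLs and the `Rank`, `Cache` and `ns_after_lookup` names are constructed for illustration.

```python
from enum import IntEnum

class Rank(IntEnum):
    """RFC 2181 §5.4.1 sources a resolver cache sees, least to most trusted."""
    NONAUTH_AUTHORITY = 1  # authority section, AA=0 (e.g. a parent referral)
    NONAUTH_ANSWER = 2     # answer section of a non-authoritative answer
    AUTH_AUTHORITY = 3     # authority section of an authoritative answer
    AUTH_ANSWER = 4        # answer section of an authoritative answer

class Cache:
    """Simplified model: live data is only replaced by equal or higher rank."""
    def __init__(self):
        self._rrsets = {}  # (owner, type) -> (rank, rdata, expiry)

    def offer(self, owner, rrtype, rdata, rank, ttl, now):
        key = (owner.lower(), rrtype)
        cached = self._rrsets.get(key)
        if cached and cached[2] > now and cached[0] > rank:
            return False  # less trusted data never displaces more trusted data
        self._rrsets[key] = (rank, frozenset(rdata), now + ttl)
        return True

    def get(self, owner, rrtype, now):
        cached = self._rrsets.get((owner.lower(), rrtype))
        return set(cached[1]) if cached and cached[2] > now else None

# Constructed sample data: the zone moved from the "old" to the "new" servers,
# but the parent's delegation still lists the old ones.
OLD_NS = {"ns1.old.example.", "ns2.old.example."}
NEW_NS = {"ns1.new.example.", "ns2.new.example."}

def ns_after_lookup(child_sends_apex_ns):
    """NS set cached for example.com. after resolving www.example.com."""
    cache = Cache()
    # Referral from the parent: NS in the authority section, AA=0, long TTL.
    cache.offer("example.com.", "NS", OLD_NS, Rank.NONAUTH_AUTHORITY, 172800, now=0)
    # Authoritative NOERROR answer from the zone's own server.
    cache.offer("www.example.com.", "A", {"192.0.2.10"}, Rank.AUTH_ANSWER, 300, now=1)
    if child_sends_apex_ns:  # the behaviour the quoted announcement removes
        cache.offer("example.com.", "NS", NEW_NS, Rank.AUTH_AUTHORITY, 3600, now=1)
    return cache.get("example.com.", "NS", now=2)

if __name__ == "__main__":
    print("with apex NS in authority:", sorted(ns_after_lookup(True)))
    print("minimal response:         ", sorted(ns_after_lookup(False)))
```

In this model the minimal response leaves the referral's NS set in the cache until it expires or the resolver queries the zone for NS explicitly; the same ranking rule also stops a later referral from overwriting the zone's own NS data.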

