[knot-dns-users] minimal responses

Jan Včelák jan.vcelak at nic.cz
Thu Sep 3 13:53:43 CEST 2015


Hello Robert,

Robert Edmonds wrote:
> Jan Včelák wrote:
>> - We have decided to remove NS record from the Authority section for NOERROR
>>   responses. We used to put these records there because BIND and NSD did it.
>>   But these records are not required by any RFC and just increase the size of
>>   the response.
> 
> It looks like this code has just been deleted.  I wonder if it could
> instead be made into a tunable, defaulted to off?  Maybe even with the
> conditional wrapped in unlikely().

Yes, the code was deleted.

> I can certainly see how apex NS records in the authority section are not
> particularly useful for root or TLD servers, but it's occasionally
> useful for "leaf" zones to speed up the propagation of updated NS
> records, due to the trust ranking rules in RFC 2181 §5.4.1.

I haven't thought about this. This might indeed be useful. On the other
hand, why NS and not any other RR type? I think this is really
single-purpose and I'm not convinced (at the moment) that this is worthy of
adding an option.

My DNS operational experience is quite limited in this area. Can anyone
confirm that this use case is really valid?

Best Regards,

Jan
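
An added illustration (not part of the original message, and not Knot DNS code) of the RFC 2181 §5.4.1 trust ranking mentioned above: a toy resolver cache in which apex NS data from the authority section of an authoritative answer displaces the NS set learned from a parent referral. Zone names, server names and addresses are constructed; the ranking is reduced to the four categories a resolver sees on the wire, and TTL handling is omitted.

```python
from enum import IntEnum

class Trust(IntEnum):
    """Simplified subset of the RFC 2181 5.4.1 ranking (higher = more trusted)."""
    NONAUTH_AUTHORITY_OR_ADDITIONAL = 1  # e.g. NS set in a referral from the parent
    NONAUTH_ANSWER = 2                   # answer section, AA bit clear
    AUTH_AUTHORITY = 3                   # authority section of an AA answer
    AUTH_ANSWER = 4                      # answer section of an AA answer

def classify(section, aa):
    if section == "answer":
        return Trust.AUTH_ANSWER if aa else Trust.NONAUTH_ANSWER
    if section == "authority" and aa:
        return Trust.AUTH_AUTHORITY
    return Trust.NONAUTH_AUTHORITY_OR_ADDITIONAL

class Cache:
    def __init__(self):
        self.rrsets = {}  # (owner, type) -> (trust, frozenset of rdata)

    def offer(self, owner, rtype, rdata, section, aa):
        """Cache the RRset unless a more trusted copy is already held."""
        trust = classify(section, aa)
        current = self.rrsets.get((owner, rtype))
        if current is not None and current[0] > trust:
            return False  # never let lower-ranked data overwrite higher-ranked data
        self.rrsets[(owner, rtype)] = (trust, frozenset(rdata))
        return True

# Constructed scenario: the parent still delegates to the old servers,
# while the child zone's apex NS set has already been updated.
OLD_NS = {"ns-old.example.net."}
NEW_NS = {"ns-new.example.net."}

def simulate(child_sends_apex_ns):
    cache = Cache()
    # 1. Referral from the parent: NS in authority section, AA clear.
    cache.offer("example.net.", "NS", OLD_NS, "authority", aa=False)
    # 2. Authoritative answer from the child for www.example.net. A.
    cache.offer("www.example.net.", "A", {"192.0.2.10"}, "answer", aa=True)
    if child_sends_apex_ns:
        # Old behaviour: apex NS also placed in the authority section.
        cache.offer("example.net.", "NS", NEW_NS, "authority", aa=True)
    # 3. A later referral from the parent repeats the stale delegation.
    cache.offer("example.net.", "NS", OLD_NS, "authority", aa=False)
    return cache.rrsets[("example.net.", "NS")]
```

With minimal responses (`simulate(False)`) the cache keeps the parent's delegation set until it is refreshed some other way; with apex NS in the authority section (`simulate(True)`) the child's set replaces it and later referrals cannot downgrade it.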

