Re: [DNSOP] [Ext] WGLC rfc8499bis one week extension for lame delegation definition

Joe Abley <> Tue, 02 May 2023 15:52 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id D2399C13AE28 for <>; Tue, 2 May 2023 08:52:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.087
X-Spam-Status: No, score=-2.087 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 6lzftDnet2hl for <>; Tue, 2 May 2023 08:52:41 -0700 (PDT)
Received: from ( []) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by (Postfix) with ESMTPS id 3F81EC15C528 for <>; Tue, 2 May 2023 08:52:41 -0700 (PDT)
Date: Tue, 02 May 2023 15:52:22 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=protonmail; t=1683042758; x=1683301958; bh=1pZtcEpRnskm+d37M0RfIFhESyNbwLEHKStek7kSBL4=; h=Date:To:From:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector; b=MT9n5HPj6+Vq24GPiJ0ibAqtD3H5V1FtRI1qgi8+TAfDCTw4xE3VN2yTUevV7IW0a Fd0hDLMNHoqc9YMJUOuM3o90/ubcmIBLE8dqpPR5blycCkvX/wFUo9D37zDFXAaNT1 nmTnt+exxKbqeRW081cpCbPwrDOK7xw1HQK9ngFiHuMDOfm1ecvsvDMXsHeiPPf9i3 TauVoy7eNZPRGi2O31DqE0ZwkQdd0amdCADrDeAZCkwq6IJkkShxorJZcvIg5mvmbN wGONZLD/MDQ3Leze4cmzv7xFDK0QsNoEo0Qj0/aovE1u4/NSC2RN7AudANDD/e81+k b9m4edzJaHwBQ==
From: Joe Abley <>
Message-ID: <>
In-Reply-To: <>
References: <> <> <> <ZFD/> <> <> <>
Feedback-ID: 62430589:user:proton
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1_M4frifOUSvJvwa9kPHIcV5mBx4eZ36lyXbXoQToFk"
Archived-At: <>
Subject: Re: [DNSOP] [Ext] WGLC rfc8499bis one week extension for lame delegation definition
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 02 May 2023 15:52:45 -0000

On Tue, May 2, 2023 at 11:09, Peter Thomassen <[](mailto:On Tue, May 2, 2023 at 11:09, Peter Thomassen <<a href=)> wrote:

> If one of the NS answers non-authoritatively, then it doesn't serve a proper NS RRset, so it's not possible for that server's response to agree / be identical with that on the parent side. As a result, the delegation (to that server) is lame, isn't it?

A nameserver can answer authoritatively for a particular query without being listed in any zone's NS RRSet.

A response from a server doesn't necessarily include an NS RRSet anyway.

Whether or not two different servers that serve the same zone serve the same zone contents might be a sign of a problem, or it might be normal (e.g. a consequence of the loose coherence that is an accepted and acceptable consequence of DNS's standard replication mechanisms).


There are lots of things that can be wrong with DNS operations in general and with delegations in particular. A lame delegation is just one of them.