[Yeti DNS Discuss] Yeti root servers that are authoritative for other domains
shane at biigroup.cn
Thu Jun 16 12:47:50 UTC 2016
I am testing a program I wrote to compare IANA root server answers with
Yeti root server answers. (It's not quite ready for general use I
think, but it seems basically functional.)
One difference that I have found is that at least one Yeti root server
is authoritative for other zones besides root. This means that if you
send a query to that server it will answer authoritatively, instead of
with a delegation.
So, if you are looking for "fromitz.nl" you might get an answer, instead
of a referral to the NL servers. This only happens from some Yeti root
While this is not a protocol violation, it means that some Yeti servers
give different answers to the same question.
Should we do anything about this?
* We can declare this a bad idea, and ask operators to fix this
* We can decide that this is okay, since (as I say) the protocol is not
violated. (This will show up as differences from what the IANA root
servers respond, but the answers that a recursive resolver will
arrive at are identical.)
* We can allow it but be nervous... perhaps requiring a statement from
the operator saying "it's okay, I know what I'm doing", or perhaps
requiring DNSSEC, or... ?
Note that the IANA root servers kind of operate in this way today, as
the A-F root servers are authoritative for IN-ADDR.ARPA and IP6.ARPA,
but the rest are not. (I say "kind of" since those ARPA domains are
More information about the discuss