[87928] in North American Network Operators' Group
Re: AW: Odd policy question.
daemon@ATHENA.MIT.EDU (Randy Bush)
Sat Jan 14 17:25:15 2006
From: Randy Bush <randy@psg.com>
Date: Sat, 14 Jan 2006 12:24:47 -1000
To: "Jeffrey I. Schiller" <jis@mit.edu>
Cc: nanog@merit.edu
Errors-To: owner-nanog@merit.edu
> Indeed all that is required is a way to detect that the
> delegation is lame
for bind vic^H^H^Husers
dig +norec zone.name. @delegatee.name. soa
to check the ns rrset at the [proposed] delegatee
dig +norec zone.name. @delegatee.name. ns
on later digs, you can also use the +short option if you don't want
to see too much detail.
serious pedants can also check for response via tcp, as opposed to
just the default udp.
> hopefully in a secure fashion
could you amplify?
> and remove the lame delegations. Of course that does leave the
> problem of what to do if all of the delegations are lame
or if a proper subset of the delegations are lame.
or if the ns rrset at a delegatee does not match that which
was specified to be installed in the delegating zone file.
randy
