vinton.g.cerf@mci.com ("vinton g. cerf") writes:
> I would be interested to know whether Alcatel really believes that DNS
> behaves in such a way that one MUST delegate at each "dot" - as far as I
> know, it is NOT required to do so.
it's not required to do so. see for example
;; QUERY SECTION:
;; _kerberos._udp.vix.com, type = SRV, class = IN
;; ANSWER SECTION:
_kerberos._udp.vix.com. 1H IN SRV 1 0 88 kerberos-2.vix.com.
_kerberos._udp.vix.com. 1H IN SRV 0 1 88 kerberos-0.vix.com.
_kerberos._udp.vix.com. 1H IN SRV 1 0 88 kerberos-1.vix.com.
;; AUTHORITY SECTION:
vix.com. 1H IN NS ns1.gnac.com.
vix.com. 1H IN NS ns-ext.vix.com.
;; ADDITIONAL SECTION:
ns1.gnac.com. 1d5h15m35s IN A 64.124.44.166
ns-ext.vix.com. 1H IN AAAA 2001:4f8:0:2::13
ns-ext.vix.com. 1H IN A 204.152.184.64
the apex of the enclosing zone is two labels above the qname and answer.
alcatel is just confused. however, this confusion is pretty common, and
i know that a lot of domain integrity checkers get it wrong.
--
Paul Vixie