
End workarounds for delegations where the delegation NS RRset is good, but the authoritative NS RRset is 'bad'

Open · cathya57 opened this issue 5 years ago · 0 comments

There are some specific cases of 'broken' delegations for which we see inconsistent 'tolerance' amongst DNS resolver behaviours. Noting that, for the TTL of the authoritative NS RRset for a zone, a resolver should prefer the authoritative NS RRset over the delegation NS RRset, I would like to propose that we end any built-in workarounds for some or all of these scenarios:

  • The delegation (parent) NS RRset is good but the NS RRset returned by any/all of the servers listed in the parent consists of names that cannot be resolved (e.g. ns1.local)
  • The delegation (parent) NS RRset is good, but the NS RRset returned by any/all of the servers listed in the parent consists of names that can be resolved, but which fail to respond to queries or which respond SERVFAIL
  • Lame delegations (where the servers respond correctly, but with the wrong authority - usually for the parent or an intermediate zone).

Some, but not all, of the above are to some extent 'mitigated' by the delegated zone owners returning their own authoritative NS RRset with TTL 0. This ensures a much higher success rate of client queries (approaching 100%), but usually at a cost to the resolver of having to re-query the parent domain for the delegation NS RRset again for nearly every client query being handled.

cathya57 · May 13 '19 08:05
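A zone operator who wants to find these delegations before resolver workarounds disappear needs to compare the parent's NS RRset with what the listed servers actually return. The checker below is an added example, not code from the dnsflagday project or the issue author; it models each server's reply with a constructed `Reply` record (no network I/O) and flags the three cases above plus the TTL-0 workaround from the last paragraph. All zone and server names are constructed sample values.

```python
from dataclasses import dataclass
@dataclass
class Reply:
    """Constructed stand-in for one server's answer to 'NS <zone>' (no network I/O)."""
    responded: bool = True   # False models a timeout
    rcode: str = "NOERROR"   # "SERVFAIL" models a broken server
    aa: bool = True          # authoritative-answer bit
    zone: str = ""           # zone the server is actually authoritative for
    ns: tuple = ()           # NS RRset it returns
    ttl: int = 3600          # TTL of that NS RRset

def usable(reply):
    return reply is not None and reply.responded and reply.rcode == "NOERROR"

def classify(zone, parent_ns, replies, resolvable):
    """Compare delegation NS RRset with the authoritative NS RRsets; return findings ({'ok'} if none)."""
    findings, child_ns = set(), set()
    for server in parent_ns:
        r = replies.get(server)
        if not usable(r):
            findings.add("delegation NS unusable")   # the parent set itself is bad
            continue
        if not r.aa or r.zone != zone:
            findings.add("lame delegation")          # answers, but not for this zone
            continue
        child_ns.update(r.ns)
        if r.ttl == 0:
            findings.add("ttl0 workaround")          # zone owner forcing re-query of parent
    for name in sorted(child_ns):
        if name not in resolvable:
            findings.add("authoritative NS unresolvable")   # e.g. ns1.local
        elif not usable(replies.get(name)):
            findings.add("authoritative NS unresponsive")   # timeout or SERVFAIL
    if child_ns and child_ns != set(parent_ns):
        findings.add("NS RRsets differ")
    return findings or {"ok"}

ZONE, PARENT_NS = "example.test", ("ns1.example.test", "ns2.example.test")
RESOLVABLE = {"ns1.example.test", "ns2.example.test", "ns3.example.test"}  # names with addresses

def case_ok():
    return classify(ZONE, PARENT_NS, {n: Reply(zone=ZONE, ns=PARENT_NS) for n in PARENT_NS}, RESOLVABLE)
def case_unresolvable():
    return classify(ZONE, PARENT_NS, {n: Reply(zone=ZONE, ns=("ns1.local", "ns2.local")) for n in PARENT_NS}, RESOLVABLE)
def case_unresponsive():
    replies = {n: Reply(zone=ZONE, ns=("ns3.example.test",), ttl=0) for n in PARENT_NS}
    replies["ns3.example.test"] = Reply(responded=False)
    return classify(ZONE, PARENT_NS, replies, RESOLVABLE)
def case_lame():
    return classify(ZONE, PARENT_NS, {n: Reply(aa=False, zone="test") for n in PARENT_NS}, RESOLVABLE)
```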