Correct response to NS request in case of dual delegation when one delegation returns REFUSED

[Marki]

Hello,

We are currently working with a product called Superna Eyeglass which 
can be used for DR purposes on Powerscale (Dell storages).

Quick background: Powerscale leverages DNS to create redundant and 
load-balanced frontend access. Without going into many details, 
Powerscale replies to DNS requests on a service IP (SSIP) indicating 
which node of the cluster should be used for the incoming connection. To 
that end, it requires you to delegate one (or more) zones to that SSIP.

Now Eyeglass (the DR product) recommends using "dual delegation" for 
failover purposes (there are two distinct clusters (active/passive) 
which are not necessarily in-sync at any given moment in time).

What they tell you to do is: Create a service name with two 
delegations/NS records pointing to both storages' SSIPs, the one 
currently not active will return REFUSED.

i.e. you have
cluster IN NS storage1
cluster IN NS storage2

Now they have "readiness" checks where they try to determine if that 
dual delegation is set up correctly.

However, Bind only seems to return one of those nameservers when asked 
for it. Example:

1) client asks Bind: what is NS for "cluster"?
2) Bind seems to issue requests to both "storage1" and "storage2" for 
"NS cluster", one of which always returns "REFUSED"
3) Answer of Bind to client does not contain the one that was "refused".

Therefore that readiness check is not working. They claim this is normal 
and that they only support Windows DNS for that check.

My conclusion is that Windows DNS is an abomination. And relying on an 
inherently faulty behavior leads straight to hell.

Am I missing something? Is Bind behaving correctly?

Thanks,
Marki