[prev in list] [next in list] [prev in thread] [next in thread] 

List:       dns-operations
Subject:    Re: [dns-operations] is glue expected in this case?
From:       Joe Abley <jabley () hopcount ! ca>
Date:       2019-01-25 6:05:15
Message-ID: AFA52BA9-D4E2-4FA5-ABE9-2F290DDB8432 () hopcount ! ca
[Download RAW message or body]

On 24 Jan 2019, at 07:34, Tony Finch <dot@dotat.at> wrote:

> Veaceslav Revutchi <slavarevutchi@gmail.com> wrote:
> 
> > I would expect this glue to be present at the tld if
> > ns-1281.awsdns-32.org was one of the name servers for awsdns-32.org
> > which is not the case. Is there another reason for this record to be
> > kept in the org zone?
> 
> My understanding is that most (not all) registries use a data model with
> separate domain and host objects, and these registries require a host
> object to exist for any NS record that is a child of any of the TLDs in
> the registry. [.com, .net, and .edu share a registry, for example] Whether
> a host object has to have addresses is a bit unclear to me:

I think (at least at one time) the working rule was that host objects should have \
populated address attributes if the name of the hosts was subordinate to a zone being \
published from the registry. As I remember it, this was mainly a rule because it was \
simple to understand by everybody and simple to code.

> the minimal
> requirement from the DNS is that an NS target should have glue if it is a
> child of the NS owner, but registries can require addresses in more
> situations than the DNS needs.

Yeah.

An additional wrinkle is that just because a host object has addresses doesn't mean \
that they will necessarily be published in the zone. It is reasonable to suppress a \
glue record from a host object that exists if there are no delegations that reference \
them, for example (perhaps the corresponding domain objects have been deleted, or \
suspended, or otherwise suppressed from publication) even if the domain that is \
superordinate to the host name is delegated.

> There's also some complication about
> whether a host object in the registry is actually published in the zone
> (for instance glue should be omitted if the parent domain is cancelled so
> it isn't promoted to authoritative data, but there may be other more
> obscure cases).

There have been cases where people tried to game registries into hosting such \
promoted records in the past, and I would hope that most people who run registries \
are careful about that these days.

Maybe the regiops people would have useful things to say with less handwaving than I \
am doing :-)


Joe
_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-operations mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-operations


[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic