List: dns-operations
Subject: Re: [dns-operations] is glue expected in this case?
From: Joe Abley <jabley () hopcount ! ca>
Date: 2019-01-25 6:05:15
Message-ID: AFA52BA9-D4E2-4FA5-ABE9-2F290DDB8432 () hopcount ! ca
On 24 Jan 2019, at 07:34, Tony Finch <dot@dotat.at> wrote:
> Veaceslav Revutchi <slavarevutchi@gmail.com> wrote:
>
> > I would expect this glue to be present at the tld if
> > ns-1281.awsdns-32.org was one of the name servers for awsdns-32.org
> > which is not the case. Is there another reason for this record to be
> > kept in the org zone?
>
> My understanding is that most (not all) registries use a data model with
> separate domain and host objects, and these registries require a host
> object to exist for any NS record that is a child of any of the TLDs in
> the registry. [.com, .net, and .edu share a registry, for example] Whether
> a host object has to have addresses is a bit unclear to me:
I think (at least at one time) the working rule was that host objects should have
populated address attributes if the name of the hosts was subordinate to a zone being
published from the registry. As I remember it, this was mainly a rule because it was
simple to understand by everybody and simple to code.
> the minimal
> requirement from the DNS is that an NS target should have glue if it is a
> child of the NS owner, but registries can require addresses in more
> situations than the DNS needs.
Yeah.
An additional wrinkle is that just because a host object has addresses doesn't mean
that they will necessarily be published in the zone. It is reasonable to suppress a
glue record from a host object that exists if there are no delegations that reference
them, for example (perhaps the corresponding domain objects have been deleted, or
suspended, or otherwise suppressed from publication) even if the domain that is
superordinate to the host name is delegated.
> There's also some complication about
> whether a host object in the registry is actually published in the zone
> (for instance glue should be omitted if the parent domain is cancelled so
> it isn't promoted to authoritative data, but there may be other more
> obscure cases).
There have been cases where people tried to game registries into hosting such
promoted records in the past, and I would hope that most people who run registries
are careful about that these days.
Maybe the regiops people would have useful things to say with less handwaving than I
am doing :-)
Joe
_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
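
An added example, not part of the original thread and not any registry's actual code: a sketch of a zone generator that applies the two suppression rules the messages describe as reasonable (no glue for a host object that no published delegation references, and no glue where the parent domain is gone, so the address is not promoted to authoritative data). The `Domain` class, the function names and the sample registry contents are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Domain:                  # registry domain object (hypothetical model)
    name: str
    nameservers: list
    published: bool = True     # False: deleted, suspended or otherwise suppressed

def norm(name):
    return name.lower().rstrip(".")

def under(name, ancestor):
    return name == ancestor or name.endswith("." + ancestor)

def glue_to_publish(tld, domains, hosts):
    """hosts maps host object name -> addresses. Returns (glue, suppressed):
    sorted (name, address) pairs, and host name -> reason it was left out."""
    live = [d for d in domains if d.published]
    cuts = {norm(d.name) for d in live}
    referenced = {norm(ns) for d in live for ns in d.nameservers}
    glue, suppressed = [], {}
    for name, addrs in hosts.items():
        host = norm(name)
        if not under(host, norm(tld)):
            suppressed[host] = "not subordinate to the zone"
        elif host not in referenced:
            suppressed[host] = "no published delegation references it"
        elif not any(under(host, cut) for cut in cuts):
            suppressed[host] = "no zone cut above it (would become authoritative)"
        else:
            glue += [(host, a) for a in addrs]
    return sorted(glue), suppressed

# Constructed sample data; addresses are from the documentation range.
DOMAINS = [
    Domain("provider.org", ["ns1.dnshost.example"]),
    Domain("customer.org", ["ns-1.provider.org"]),          # target is not a child of the owner
    Domain("parked.org", ["ns-2.provider.org"], published=False),
    Domain("other.org", ["ns1.gone.org"]),
    Domain("gone.org", ["ns1.gone.org"], published=False),  # parent domain cancelled
]
HOSTS = {
    "ns-1.provider.org": ["192.0.2.1"],
    "ns-2.provider.org": ["192.0.2.2"],
    "ns1.gone.org": ["192.0.2.3"],
}

if __name__ == "__main__":
    print(glue_to_publish("org", DOMAINS, HOSTS))
```

Only `ns-1.provider.org` is published: it is referenced by a live delegation and sits below a live zone cut, even though it is not a name server for `provider.org` itself, which is the shape of the case the original question asked about.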