[prev in list] [next in list] [prev in thread] [next in thread] 

List:       inet-access
Subject:    Re: seeking pointers on the topic of 'name server registration'
From:       "Kent Crispin" <kent () songbird ! com>
Date:       2011-08-05 6:52:55
Message-ID: 57552.75.25.158.252.1312527175.squirrel () ancient-warrior ! net
[Download RAW message or body]

On Wed, August 3, 2011 20:20, Brian Reichert wrote:
> On Wed, Aug 03, 2011 at 09:25:17PM +0000, Blake Pfankuch wrote:
>> I've seen that before godaddy as an example has a section at the bottom of the
>> domain information for a "Hosts Summary" which allows you to set glue for the
>> record.  It gives a similar error to the "record must be registered".  Mostly
>> they are just complaining if they can't find glue, and as I understand it's
>> just to enforce nameservers to have glue so they fail less :)
>
> My (limited) understanding is that glue records are important only in the
> case where a name server is within domain it's responsible for.

Generally.  You can also have cross-dependencies that can result in unresolvable
names:

(in the .com zone):
xyz.com   ns   ns.wxy.org

(in the .org zone):
wxy.org   ns   ns.xyz.com

ns.wxy.org is not in xyz.com, so shouldn't need a glue record
ns.xyz.com is not in wxy.org, so shouldn't need a glue record

But if those two records are all that exist, there is no way to resolve either
name.  Suppose I put a single glue record in the .com zone, so I have

(in the .com zone):
xyz.com    ns   ns.wxy.org
ns.wxy.org a    1.2.3.4

Then both names can resolve.

(If the wxy.org zone is deleted you have an orphan glue record still in the .com
zone.)

If we had
(com)
xyz.com     ns   www.wxy.org
www.wxy.org a    1.2.3.4

(org)
wxy.org     ns   www.wxy.org

then deleting the wxy.org domain would leave the www.wxy.org domain still at
least partially resolvable (you need to force a reference to xyz.com, to get it
cached), and a website at www.wxy.org still on the air, perhaps selling viagra
or something, even though law enforcement had caused the parent domain to be
deleted.

>
> For example, my own domain, where I'm undergoing these machinations:
>
>   $ dig @m.gtld-servers.net. ns numachi.com
>
>   [snip]
>
>   ;; QUESTION SECTION:
>   ;numachi.com.			IN	NS
>
>   ;; AUTHORITY SECTION:
>   numachi.com.		172800	IN	NS	away.numachi.com.
>   numachi.com.		172800	IN	NS	linode.feoh.org.
>
>   ;; ADDITIONAL SECTION:
>   away.numachi.com.	172800	IN	A	66.228.38.138
>
> The 'ADDITIONAL SECTION' calls out the glue records for
> 'away.numachi.com.', as it's needed to allow 'numachi.com' to
> resolve.
>
> But, there is no glue record for 'linode.feoh.org'.  I don't think
> it's neccessary, but it would be nice for performance
> reasons.
>
> And, I have no idea who's responsibility it is to generate them.

Registrars should allow you to specify the IP address of the nameservers.  If
you don't, and the nameserver is in your zone, they have no reliable way to set
up a glue record.  They also don't necessarily check to see if an address you
supply for an out-of-bailiwick nameserver is accurate.  They probably shouldn't
generate a glue record in that case, but, as you can see from the above
pathological case, sometimes a glue record would be necessary.

> I don't know if that generation is related to 'name server
> registration', and I have no idea what that process is, or if it's
> neccessary.

I don't know what the process is for sure, but it's probably related to trying
to have better control over who really "owns" a nameserver -- but registrars
don't necessarily follow uniform rules for things like this.

Kent

-- 
Eat sushi frequently. - Avi
inet@inet-access.net is the human contact address.
list@inet-access.net is the list posting address.
See below URL for subscribe/unsubscribe and list options:
http://inet-access.net/mailman/listinfo/list
[prev in list] [next in list] [prev in thread] [next in thread]