small sibling glue records help

Mark Andrews Mark_Andrews at isc.org
Wed Dec 19 21:26:11 UTC 2007 

> Alan Clegg wrote, On 12/19/2007 03:20 PM:
> > Anatoly Pugachev wrote:
> >> Can someone explain me, what does mean:
> >> 18-Dec-2007 13:34:10.856 zone dom1.ru/IN: avgust.dom1.ru/NS 'ns.sub1.dom1.
> ru' has no SIBLING GLUE address records (A or AAAA)
> >>
> >> Does that mean, that i should add A record for ns.sub1.dom1.ru into dom1.r
> u zone file?
> >> I already have 
> >>
> >> $ORIGIN dom1.ru
> >> sub1    NS ns1.zone.ru.
> >>         NS ns2.zone.ru.
> > 
> > What this message means is that the nameservers (pointed to by the NS
> > records) reside within the zone for which they are authoritative.  For
> > the nameserver of the zone above (in this case dom1.ru) to be able to
> > provide a response including the IP addresses of the nameservers for the
> > subordinate zone, you need the IP addresses in the parent.
> > 
> > In other words, yes, you should add A records for the nameservers that
> > live within the zone in question.  I'm thinking that your example is
> > probably:
> > 
> >  $ORIGIN sub1.dom1.ru
> >  sub1    NS ns1.sub1.dom1.ru.
> >          NS ns2.sub1.dom1.ru.
> > 
> > In this case, you need to add:
> > 
> >  ns1.sub1.dom1.ru. IN A x.y.z.a
> >  ns2.sub1.dom1.ru. IN A l.m.n.o
> > 
> > to the dom1.ru zone file.  (that's the "glue")
> > 
> > AlanC
> 
> Forgive me for correcting you, Alan, but that's not entirely true.
> Actually - according to the error message above - there are *TWO* zone
> cuts/delegations below dom1.ru (avgust.dom1.ru and sub1.dom1.ru) and
> one's name servers lie below the other. That's why the error message
> reads SIBLING GLUE instead of REQUIRED GLUE. In any case, the A record
> for ns.sub1.dom1.ru is the glue that's missing.
> 
> If I understand correctly, not handing out this glue record invites a
> resolving name server querying for any names below avgust.dom1.ru to
> abandon its original query and start hunting for ns.sub1.dom1.ru, then
> probably abandoning that query to hunt for the name servers of
> sub1.dom1.ru (ns1.zone.ru,ns2.zone.ru). This would work with a BIND 9
> resolver but used to be a problem with BIND 8.
> 
> Regards,
> Alex
 
	SIBLING glue is required to make the following delegation
	work.

		a.example.net NS ns1.b.example.net
		b.example.net NS ns1.a.example.net

	These sorts of delegation loops do occur.  As do partial
	delegation loops fail/succeed depending apon which servers
	are up.

	If you get a SIBLING glue missing message you should find
	and add that glue record.

	Note there are delegation loops that require glue that is
	not below the parent zone.  These loops are not supported
	by named (yet).

	Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org

More information about the bind-users mailing list