Glue record misunderstanding

Matthew Pounsett matt at conundrum.com
Thu Oct 1 22:25:51 UTC 2009



On 01-Oct-2009, at 16:03, Scott Haneda wrote:

> Is it also correct, I only need a NS glue record for the actual NS
> itself.  There does not need to be a glue record for every zone that
> I am providing DNS for?

The only case where glue *must* be present is when a nameserver name  
is a subdomain of the zone it's authoritative for.

So,  if ns1.example.com is one of the nameservers for example.com,  
then there must be glue in the com zone.  In all other cases it is not  
required.  However, some registries may include glue even when it's not
necessary, since it simplifies the logic of generating their zone.

To check if glue is present, ask your parent's nameservers for some  
record inside your zone.  When you get back the delegation response,  
if glue is present it'll be included in the ADDITIONAL section.

Here's a real-world example.  In this case, glue is unnecessary in the  
com zone, but Verisign is including it anyway:

18:24:04 % dig +norec IN A www.example.com @a.gtld-servers.net

; <<>> DiG 9.4.3-P3 <<>> +norec IN A www.example.com @a.gtld-servers.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55065
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.example.com.		IN	A

;; AUTHORITY SECTION:
example.com.		172800	IN	NS	a.iana-servers.net.
example.com.		172800	IN	NS	b.iana-servers.net.

;; ADDITIONAL SECTION:
a.iana-servers.net.	172800	IN	A	192.0.34.43
b.iana-servers.net.	172800	IN	A	193.0.0.236

;; Query time: 65 msec
;; SERVER:
;; WHEN: Thu Oct  1 18:24:13 2009
;; MSG SIZE  rcvd: 113

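
The check described in the message, as an added example that is not part of the original post: a Python parser for dig's delegation output that reports, for each nameserver, whether glue is required (the nameserver name lies inside the delegated zone) and whether it is present in the ADDITIONAL section. The sample input is constructed from the output quoted above, and the function names are this example's own.

```python
import re

# Constructed sample: the AUTHORITY and ADDITIONAL sections of a delegation
# response in dig's text format, modelled on the output quoted in the message.
SAMPLE = """\
;; AUTHORITY SECTION:
example.com.        172800  IN  NS  a.iana-servers.net.
example.com.        172800  IN  NS  b.iana-servers.net.

;; ADDITIONAL SECTION:
a.iana-servers.net. 172800  IN  A   192.0.34.43
b.iana-servers.net. 172800  IN  A   193.0.0.236
"""

def parse_sections(text):
    """Return {section name: [(owner, rtype, rdata), ...]} from dig output."""
    sections, current = {}, None
    for line in text.splitlines():
        m = re.match(r";; (\w+) SECTION:", line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif not line.strip():
            current = None          # a blank line ends the section
        elif current is not None and not line.startswith(";"):
            owner, _ttl, _cls, rtype, rdata = line.split(None, 4)
            current.append((owner.lower(), rtype, rdata.strip().lower()))
    return sections

def in_zone(name, zone):
    """True if name is the zone apex or a subdomain of it (label-wise match)."""
    n, z = name.rstrip(".").split("."), zone.rstrip(".").split(".")
    return n[-len(z):] == z

def glue_report(text):
    """Classify each delegated nameserver by whether glue is needed and present."""
    s = parse_sections(text)
    glue = {}
    for owner, rtype, rdata in s.get("ADDITIONAL", []):
        if rtype in ("A", "AAAA"):
            glue.setdefault(owner, []).append(rdata)
    report = {}
    for zone, rtype, ns in s.get("AUTHORITY", []):
        if rtype != "NS":
            continue
        required, present = in_zone(ns, zone), ns in glue
        status = ("ok" if present else "MISSING") if required else \
                 ("unnecessary" if present else "not needed")
        report[ns] = (status, glue.get(ns, []))
    return report
```

A "MISSING" status is the case the message says must not happen: the nameserver name is inside the zone it serves, but the parent returned no address for it.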



More information about the bind-users mailing list