Glue record miunderstanding
Matus UHLAR - fantomas
uhlar at fantomas.sk
Fri Oct 2 06:58:30 UTC 2009
> On 01-Oct-2009, at 16:03, Scott Haneda wrote:
>> Is it also correct, I only need a NS glue record for the actual NS
>> itself. There does not need to be a glue record for very zone that I
>> am providing DNS for?
On 01.10.09 18:25, Matthew Pounsett wrote:
> The only case where glue *must* be present is when a nameserver name is a
> subdomain of the zone it's authoritative for.
>
> So, if ns1.example.com is one of the nameservers for example.com, then
> there must be glue in the com zone. In all other cases it is not
> required. However, some registries may include glue even when its not
> necessary, since it simplifies the logic of generating their zone.
and often breaks when the A record of nameserver changes.
> To check if glue is present, ask your parent's nameservers for some
> record inside your zone. When you get back the delegation response, if
> glue is present it'll be included in the ADDITIONAL section.
to check if glue is present in the zone, you usually must see the zone.
the exception is when you know that the server doesn't have any other zones
loaded where the record could appear.
> Here's a real-world example. In this case, glue is unnecessary in the
> com zone, but Verisign is including it anyway:
>
> 18:24:04 % dig +norec IN A www.example.com @a.gtld-servers.net
> ;; AUTHORITY SECTION:
> example.com. 172800 IN NS a.iana-servers.net.
> example.com. 172800 IN NS b.iana-servers.net.
>
> ;; ADDITIONAL SECTION:
> a.iana-servers.net. 172800 IN A 192.0.34.43
> b.iana-servers.net. 172800 IN A 193.0.0.236
the server returns glue records in additional section because it's also
authoritative for .net and iana-servers.net has those glue records in .net
zone. Therefore server constructed response of all data it has loaded:
% dig any iana-servers.net. @a.gtld-servers.net
;; ANSWER SECTION:
iana-servers.net. 172800 IN NS a.iana-servers.net.
iana-servers.net. 172800 IN NS b.iana-servers.org.
iana-servers.net. 172800 IN NS c.iana-servers.net.
iana-servers.net. 172800 IN NS d.iana-servers.net.
iana-servers.net. 172800 IN NS ns.icann.org.
;; ADDITIONAL SECTION:
a.iana-servers.net. 172800 IN A 192.0.34.43
c.iana-servers.net. 172800 IN A 139.91.1.10
d.iana-servers.net. 172800 IN A 208.77.188.44
--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
10 GOTO 10 : REM (C) Bill Gates 1998, All Rights Reserved!
More information about the bind-users
mailing list