delegation-only message
Paul Vixie
vixie at sa.vix.com
Tue Apr 6 23:02:18 UTC 2004
hoch at exemplary.invalid (CharlesH) writes:
> enforced delegation-only for 'com' (ns1.swqj.com/A/IN) from 192.12.94.30#53
> I believe these are due to glue records remaining behind when a domain
> is suspended (swqj.com, in this case), for the sake of other still active
> domains which use that name server.
yes.
> My question is this: Is the delegation-only functionality flawed in that
> it disallows perfectly valid situations, or is keeping the glue record
> around an inappropriate action by the registrar of the suspended domain?
delegation-only is a dangerous option and it could even be called flawed in
that it violates the dns data model (which calls for zone-level autonomy).
the registry's action (keeping an A RR around even on an expired zone) is
also a violation of the dns data model (since, given zone-level autonomy,
the final arbiter of the existence of the glue name is the zone, which is
missing.) however, removing this glue usually breaks other zones that are
currently working (since their NS RR starts to dangle.)
both practices (delegation-only, and keeping orphaned glue) are arguably
wrong, and yet quite common.
--
Paul Vixie
More information about the bind-users
mailing list