Glue record miunderstanding

Matus UHLAR - fantomas uhlar at fantomas.sk
Fri Oct 2 06:58:30 UTC 2009 

> On 01-Oct-2009, at 16:03, Scott Haneda wrote:
>> Is it also correct, I only need a NS glue record for the actual NS  
>> itself.  There does not need to be a glue record for very zone that I 
>> am providing DNS for?

On 01.10.09 18:25, Matthew Pounsett wrote:
> The only case where glue *must* be present is when a nameserver name is a 
> subdomain of the zone it's authoritative for.
>
> So,  if ns1.example.com is one of the nameservers for example.com, then 
> there must be glue in the com zone.  In all other cases it is not  
> required.  However, some registries may include glue even when its not  
> necessary, since it simplifies the logic of generating their zone.

and often breaks when the A record of nameserver changes.

> To check if glue is present, ask your parent's nameservers for some  
> record inside your zone.  When you get back the delegation response, if 
> glue is present it'll be included in the ADDITIONAL section.

to check if glue is present in the zone, you usually must see the zone.
the exception is when you know that the server doesn't have any other zones
loaded where the record could appear. 

> Here's a real-world example.  In this case, glue is unnecessary in the  
> com zone, but Verisign is including it anyway:
>
> 18:24:04 % dig +norec IN A www.example.com @a.gtld-servers.net

> ;; AUTHORITY SECTION:
> example.com.		172800	IN	NS	a.iana-servers.net.
> example.com.		172800	IN	NS	b.iana-servers.net.
>
> ;; ADDITIONAL SECTION:
> a.iana-servers.net.	172800	IN	A	192.0.34.43
> b.iana-servers.net.	172800	IN	A	193.0.0.236

the server returns glue records in additional section because it's also
authoritative for .net and iana-servers.net has those glue records in .net
zone. Therefore server constructed response of all data it has loaded:

% dig any iana-servers.net. @a.gtld-servers.net

;; ANSWER SECTION:
iana-servers.net.       172800  IN      NS      a.iana-servers.net.
iana-servers.net.       172800  IN      NS      b.iana-servers.org.
iana-servers.net.       172800  IN      NS      c.iana-servers.net.
iana-servers.net.       172800  IN      NS      d.iana-servers.net.
iana-servers.net.       172800  IN      NS      ns.icann.org.

;; ADDITIONAL SECTION:
a.iana-servers.net.     172800  IN      A       192.0.34.43
c.iana-servers.net.     172800  IN      A       139.91.1.10
d.iana-servers.net.     172800  IN      A       208.77.188.44

-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
10 GOTO 10 : REM (C) Bill Gates 1998, All Rights Reserved!

More information about the bind-users mailing list