nameserver registration
Michael Sinatra
michael at rancid.berkeley.edu
Sat Jun 18 23:22:18 UTC 2011
On 06/18/11 15:23, Chris Thompson wrote:
> On Jun 18 2011, Michael Sinatra wrote:
>>
>> In theory, you can insert glue records anywhere above the zone in
>> question. See RFC 2181, section 5.4.1.
>>
>> As an example, glue for the servers adns1.berkeley.edu and
>> adns2.berkeley.edu exist in the root zone.
>
> For "fj", "hk", and "xn--j6w193g". These are examples of what some
> of the BIND documentation calls "sibling glue".
You forgot "au" :)
And I now recall that the subject of sibling glue has been discussed on
this list a couple years ago.
> Of course, at the root zone level, *all* NS records need either
> "required glue" or "sibling glue", because every single one of them
> is somewhere under the root zone. At least, until the aliens contact
> us and we get the Internet spliced into the Galactinet ..
>
> Also, the "required glue" + "sibling glue" desideratum is not always
> enough. Consider
>
> foo.com. NS ns1.bar.net.
> foo.com. NS ns2.bar.net.
>
> and
>
> bar.net. NS ns1.foo.com.
> bar.net. NS ns2.foo.com.
>
> Neither seems to to need glue in either "com" or "net", but without
> either the domains cannot be resolved. This was a significant issue
> when VeriSign changed the way the *.gltd-servers.net responded last
> year.
That's a good example (dare I say the canonical one?). I was thinking
of even simpler cases, such as where you are at least a layer below SLD.
Consider:
baz.org. NS ns1.dns.podunk.edu.
baz.org. NS ns2.dns.podunk.edu.
and
dns.podunk.edu. NS ns1.dns.podunk.edu.
dns.podunk.edu. NS ns2.dns.podunk.edu.
In theory, you "should" only need glue in podunk.edu, but podunk.edu
isn't under the control of any registry (or registrar for that matter).
If the registrar for baz.org wants to be sure that things are going to
work--and that they will stay working--then you need appropriate glue at
a higher level.
Because registrars (and even registries) can't always control the
immediate parent of the NS, they require registration of the nameserver
to allow for glue to be placed at higher levels.
michael
More information about the bind-users
mailing list