Re: Glue records (was Re: ATTN GARY KLINE)
On Friday 05 November 2010 22:51:01 Robert Bonomi wrote: From owner-freebsd-questi...@freebsd.org Fri Nov 5 02:26:31 2010 From: Jonathan McKeown j.mcke...@ru.ac.za To: freebsd-questions@freebsd.org Date: Fri, 5 Nov 2010 10:27:38 +0200 Subject: Glue records (was Re: ATTN GARY KLINE) When a nameserver delegates a zone, it's not responsible for any of that zone's records any more, with two exceptions. It provides NS records to indicate which nameservers /are/ responsible, and it retains responsibility for the A records of nameservers inside the zone - and only those nameservers. (That's glue.) There's no way a .com nameserver should be providing A records for hosts in the .au zone. sure there is. Domain: foo.com (an aussie company) nameservers ns1.alicesprings.au, ns2.umelbourneatperth.au I think we're agreeing violently ;) The nameservers for the .com zone, when asked about foo.com, should reply with the hostnames of the two nameservers. It shouldn't reply with their IP addresses; the only nameservers that can do that are the ones serving the .au zone or the alicesprings.au and umelbourneatperth.au zones. They're still wrong to bw whinging about a lack o glue records. glue is needed _only_ when the nameserver is _in_ the domain it is the authoritative servr for. So, in the above frivolous example, foo.com does *NOT* need any glue records, but if ns1.alicesprings.au is an authoritative server for alicesprings.au, then *it* needs a glue record for that domain. Well, the glue record will be ``above the cut'': if .au delegates alicesprings.au, it's the .au nameserver that provides the A record for ns1.alicesprings.au; but, yes. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Glue records (was Re: ATTN GARY KLINE)
On Friday 05 November 2010 09:28:27 Ian Smith wrote: But you don't always have any control of what parent nameservers do; eg we do DNS for a .com but both NS are in .au so DNS reports always whinge about lack of glue They should be whingeing about lack of clue (their own) unless I'm horribly wrong about how DNS works. When a nameserver delegates a zone, it's not responsible for any of that zone's records any more, with two exceptions. It provides NS records to indicate which nameservers /are/ responsible, and it retains responsibility for the A records of nameservers inside the zone - and only those nameservers. (That's glue.) There's no way a .com nameserver should be providing A records for hosts in the .au zone. nonetheless it works, though only after a hunt down through the .au servers, until cached. Yes, this is exactly what /should/ happen. Only the .au servers (or servers they delegate to) are authoritative for hosts in the .au zone. Jonathan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Glue records (was Re: ATTN GARY KLINE)
In freebsd-questions Digest, Vol 335, Issue 9, Message: 7 On Fri, 5 Nov 2010 10:27:38 +0200 Jonathan McKeown j.mcke...@ru.ac.za wrote: On Friday 05 November 2010 09:28:27 Ian Smith wrote: But you don't always have any control of what parent nameservers do; eg we do DNS for a .com but both NS are in .au so DNS reports always whinge about lack of glue They should be whingeing about lack of clue (their own) unless I'm horribly wrong about how DNS works. Indeed, my point .. I've tried quite a few free DNS health reporters over the time; some eg thednsreport.com list missing glue records as a warning, ending: This will usually occur if your DNS servers are not in the same TLD as your domain which is just the case, but others have splashed red ink over this one .. sorry, don't recall which offhand. When a nameserver delegates a zone, it's not responsible for any of that zone's records any more, with two exceptions. It provides NS records to indicate which nameservers /are/ responsible, and it retains responsibility for the A records of nameservers inside the zone - and only those nameservers. (That's glue.) There's no way a .com nameserver should be providing A records for hosts in the .au zone. Nor, I guess, .org nameservers having A RRs for a .net NS, like Gary's. nonetheless it works, though only after a hunt down through the .au servers, until cached. Yes, this is exactly what /should/ happen. Only the .au servers (or servers they delegate to) are authoritative for hosts in the .au zone. Just so, Jonathan; I was referring to lack of clue of some reporting gadgets. dnscog.com got this one right, but its mail report is sus. cheers, Ian ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Glue records (was Re: ATTN GARY KLINE)
From owner-freebsd-questi...@freebsd.org Fri Nov 5 02:26:31 2010 From: Jonathan McKeown j.mcke...@ru.ac.za To: freebsd-questions@freebsd.org Date: Fri, 5 Nov 2010 10:27:38 +0200 Subject: Glue records (was Re: ATTN GARY KLINE) On Friday 05 November 2010 09:28:27 Ian Smith wrote: But you don't always have any control of what parent nameservers do; eg we do DNS for a .com but both NS are in .au so DNS reports always whinge about lack of glue They should be whingeing about lack of clue (their own) unless I'm horribly wrong about how DNS works. When a nameserver delegates a zone, it's not responsible for any of that zone's records any more, with two exceptions. It provides NS records to indicate which nameservers /are/ responsible, and it retains responsibility for the A records of nameservers inside the zone - and only those nameservers. (That's glue.) There's no way a .com nameserver should be providing A records for hosts in the .au zone. sure there is. Domain: foo.com (an aussie company) nameservers ns1.alicesprings.au, ns2.umelbourneatperth.au They're still wrong to bw whinging about a lack o glue records. glue is needed _only_ when the nameserver is _in_ the domain it is the authoritative servr for. So, in the above frivolous example, foo.com does *NOT* need any glue records, but if ns1.alicesprings.au is an authoritative server for alicesprings.au, then *it* needs a glue record for that domain. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org