Re: [DNSOP] DNSOP rfc8499bis Interim followup consensus on glue definition

Mon, 07 Nov 2022 13:28:08 -0800 

> From: Benno Overeinder <be...@nlnetlabs.nl>
> Questions:
> 
> 2. Definition of Glue provided by Duane Wessels on the DNSOP WG
> mailing
>    list:
> 
>    "Glue is non-authoritative data in a zone that is transmitted in the
>    additional section of a referral response on the basis that the data
>    might be necessary for resolution to proceed at the referred name
>    servers."
> 
>    On the mailing list, we have seen a discussion about "necessary"
>    versus "useful".

"in-domain" glue is necessary.
"sibling" glue is not necessary.
I don't like "useful". "sibling" glue is not really necessary.

However, ".com" name resolution depends on "sibling" glue.

from root-server's response
com.                    172800  IN      NS      d.gtld-servers.net.
d.gtld-servers.net.     172800  IN      A       192.31.80.30
d.gtld-servers.net.     172800  IN      AAAA    2001:500:856e::30

If this sibling glue does not exist, resovlers need to resolve
d.gtld-servers.net A/AAAA before sending example.com queries to
d.gtld-servers.net.

gtld-servers.net.       172800  IN      NS      av1.nstld.com.
gtld-servers.net.       172800  IN      NS      av2.nstld.com.
gtld-servers.net.       172800  IN      NS      av3.nstld.com.
gtld-servers.net.       172800  IN      NS      av4.nstld.com.

Then, without sibling glue, "gtld-servers.net" cannot be resolved....

So with the current configuration of "gtld-servers.net", sibling glue
is also necessary. (I don't like)

>    In this context glue is defined to be exclusively
>    A/AAAA records (traditional understanding), or do we also consider
>    other RRtypes to be glue, e.g. SCVB/HTTPS or DS records?  Concern is
>    that "useful" may lead to a definition that is too broad.

Section 4.2.1 of RFC 1034 shows that
   - Data that allows access to name servers for subzones
     (sometimes called "glue" data).

"DS" RR is authoritative data. Then, it is not a glue.

Address records attached with "SVCB/HTTPS" RR are considered the same
as "MX" RRs.

  Section 4.1 of RFC1035:

     the additional records section contains RRs which relate to the
     query, but are not strictly answers for the question.

  Then, it is not glue.
    
--
Kazunori Fujiwara, JPRS <fujiw...@jprs.co.jp>

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to