Re: [DNSOP] DNS Terminology: Glue
On Thu, Mar 12, 2015 at 2:10 PM, Paul Hoffman paul.hoff...@vpnc.org wrote: On Mar 12, 2015, at 10:59 AM, Tony Finch d...@dotat.at wrote: Patrik Wallström pa...@blipp.com wrote: Glue Name Records are defined as all NS records pertaining to the child domain that are delivered by the nameservers for the parent domain. Glue Address Records are all A or records pertaining to the child domain that are delivered by the nameservers for the parent domain That's nice and clear. I use the term delegation NS records and reserve glue records for the address records. My reading of 1034 is the same as Tony's. I don't seen in 1034 where the delegating NS records would qualify as glue at all. I use the same terminology also (i.e., delegation NS records vs. glue records). But it should be noted that within existing RFCs the terminology differs: RFC 1034 4.2.1: ...glue RRs which are not part of the authoritative data, and are address RRs for the servers. RFC 1034 4.2.2: ...delegation NS RRs and glue RRs but: RFC 2181 5.4.1: Glue above includes any record in a zone file that is not properly part of that zone, including nameserver records of delegated sub- zones (NS records), address records that accompany those NS records (A, , etc), and any other stray data that might appear. It's unclear whether 'glue' above means glue, for the purposes of this document or glue, which we are restating the definition of, but it sounds to me like the latter. In any case, the definition differs from that previously stated (and my own understanding). Casey ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] DNS Terminology: Glue
On Fri, Mar 13, 2015 at 7:00 PM, Paul Hoffman paul.hoff...@vpnc.org wrote: Casey noticing the updated, wider definition in 2181 kinda throws a wrench into the what is not glue discussion. Here is a proposed update to the draft that includes both definitions and discusses the ramifications of the update. Glue records -- Resource records which are not part of the authoritative data [for a zone], and are address resource records for the servers [in a subzone]. These RRs are only necessary if the name server's name is below the cut, and are only used as part of a referral response. (Definition from RFC 1034, section 4.2.1) A later definition is that glue includes any record in a zone file that is not properly part of that zone, including nameserver records of delegated sub-zones (NS records), address records that accompany those NS records (A, , etc), and any other stray data that might appear. (Definition from RFC 2181, section 5.4.1) This definition in RFC 2181 is wider than the one from RFC 1034, and bases the definition on the contents of a zone file. Some implementers might only be thinking about the earlier definition when they see rules about glue records. In the spirit of the statement (from the terminology draft): Some of the definitions differ from earlier RFCs, and those differences are noted. I think noting the definitions in the two RFCs is good, but additional clarity is necessary to avoid perpetuating further confusion. The RFC 2181 definition of glue is under the section clarifying rules for Data ranking. Whether it is attempting to restate the definition of glue generally or define glue for the the scope of this section/document alone, that is not the focus of the section. Anyway, this is clearly at odds with RFC 1034's definition. For example, RFC 1034 states that [glue] RRs are only necessary...--but delegation NS records are always necessary (i.e., there is no if...). Also, the RFC 1034 (section 4.2.1) text immediately preceding that quoted in the Glue records states: In particular, if the name of the name server is itself in the subzone, we could be faced with the situation where the NS RRs tell us that in order to learn a name server's address, we should contact the server using the address we wish to learn. To fix this problem, a zone contains 'glue' RRs Understanding the motivation for glue helps us understand the definition of glue, which is clearly for the address records. Here is some proposed rewording that attempts to capture that: Glue records -- Records which are not part of the authoritative data [for a zone], and are address resource records for the servers [in a subzone]. These RRs are only necessary if the name server's name is below the cut, and are only used as part of a referral response. Without glue we could be faced with the situation where the NS RRs tell us that in order to learn a name server's address, we should contact the server using the address we wish to learn. (Definition from RFC 1034, section 4.2.1) The term glue is sometimes incorrectly used to refer to other resource records that are related to a delegation, such as address records included with a referral which are not strictly necessary due to the server's domain name falling below the zone cut, delegation or authoritative name server (NS) records (i.e., above or below the zone cut), or delegation signer (DS) records. RFC 2181 (section 5.4.1) denotes glue as any record in a zone file that is not properly part of that zone, including nameserver records of delegated sub-zones (NS records), address records that accompany those NS records (A, , etc), and any other stray data that might appear. This definition is explicitly applied to the use of the term within the document itself. However, its application beyond the document is questionable because of its contrast with both the motivation for an definition of glue in RFC 1034. Regards, Casey ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] DNS Terminology: Glue
On Fri, Mar 13, 2015 at 09:00:34AM -0700, Paul Hoffman wrote: If there is a well-accepted name for address records that come with glue records but are not actually glue records, we can add it, but I am hesitant for this document becoming a list of things observed in the wild that don't already have names. FWIW, what we tentatively have for the next draft is: Glue records -- Resource records which are not part of the authoritative data [for a zone], and are address resource records for the servers [in a subzone]. These RRs are only necessary if the name server's name is below the cut, and are only used as part of a referral response. (Definition from RFC 1034, section 4.2.1) Given the amount of discussion this topic has generated, and the number of ways I've seen the word used in the past (and, in fact, have used it myself when speaking imprecisely), a discursive paragraph about common misuses might be helpful. Like: The term glue is sometimes incorrectly used to refer to other resource records in a parent zone that are related to a delegation, such as address records included with a referral which are not strictly necessary due to the server's domain name falling below the zone cut, the authoritative delegation (NS), or the delegation signer (DS). This could help newcomers to the DNS to understand what they're reading when they encounter terms like NS glue, but it still stakes out a clear definition of the word. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] DNS Terminology: Glue
On Mar 13, 2015, at 9:33 AM, Evan Hunt e...@isc.org wrote: Given the amount of discussion this topic has generated, and the number of ways I've seen the word used in the past (and, in fact, have used it myself when speaking imprecisely), a discursive paragraph about common misuses might be helpful. Like: The term glue is sometimes incorrectly used to refer to other resource records in a parent zone that are related to a delegation, such as address records included with a referral which are not strictly necessary due to the server's domain name falling below the zone cut, the authoritative delegation (NS), or the delegation signer (DS). This could help newcomers to the DNS to understand what they're reading when they encounter terms like NS glue, but it still stakes out a clear definition of the word. This seems like a good addition. We would like the terminology draft to be both definitions of terms and common mis-definitions. Do others have thoughts on Evan's proposed addition? --Paul Hoffman ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] DNS Terminology: Glue
I guess glue in the scope of the zone data may be a proper subset of glue in the scope of the message. What if zone A has the name server's name below the cut fall in the bailiwick of zone B, and both zones are hosted in one authoritative name server? If that authoritative name server is allowed to place the address (in zone B) of the name server (zone cut in zone A) in a referral response, is that a case of glue in the message but not glue in the zone data? Best regards, Zheng Wang 发件人:Niall O'Reilly niall.orei...@ucd.ie 发送时间:2015-03-12 08:07 主题:[DNSOP] DNS Terminology: Glue 收件人:Paul Hoffmanpaul.hoff...@vpnc.org 抄送:IETF DNSOP WGdnsop@ietf.org Hi. In http://www.ietf.org/id/draft-hoffman-dns-terminology-02.txt, glue is defined as follows. Glue records -- Resource records which are not part of the authoritative data, and are address resource records for the servers listed in the message. They contain data that allows access to name servers for subzones. (Definition from RFC 1034, section 4.2.1) Reference to the message seems to be a distraction here. The cited source defines (and motivates) glue records, in a section which specifies [t]he data that describes a zone, as follows [...] a zone contains glue RRs which are not part of the authoritative data, and are address RRs for the servers. These RRs are only necessary if the name server's name is below the cut, and are only used as part of a referral response. I think that placing the definition of glue in the scope of the message rather than in that of the zone data is likely to lead to confusion. Best regards, Niall O'Reilly ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] DNS Terminology: Glue
On Mar 12, 2015, at 6:53 AM, Phillip Hallam-Baker ph...@hallambaker.com wrote: Its a bug in the spec. The terminology document is the wrong place to deal with bugs in the spec. We are happy to list differences of opinion about what a term means if they appear in different RFCs, but not to try to fix bugs. --Paul Hoffman ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] DNS Terminology: Glue
On Mar 12, 2015, at 5:07 AM, Niall O'Reilly niall.orei...@ucd.ie wrote: In http://www.ietf.org/id/draft-hoffman-dns-terminology-02.txt, glue is defined as follows. Glue records -- Resource records which are not part of the authoritative data, and are address resource records for the servers listed in the message. They contain data that allows access to name servers for subzones. (Definition from RFC 1034, section 4.2.1) Reference to the message seems to be a distraction here. The cited source defines (and motivates) glue records, in a section which specifies [t]he data that describes a zone, as follows [...] a zone contains glue RRs which are not part of the authoritative data, and are address RRs for the servers. These RRs are only necessary if the name server's name is below the cut, and are only used as part of a referral response. I think that placing the definition of glue in the scope of the message rather than in that of the zone data is likely to lead to confusion. Quite right. We'll fix this in the next draft. --Paul Hoffman ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop