No authority for serving glue records.
kcd at daimlerchrysler.com
Wed Jan 29 19:10:14 UTC 2003
Pawel Rogocz wrote:
>I have a qustion about bind behavior when it encounters glue records
>outside of authority of the currently queried server.
>Let's say I am trying to resolve time.com
>so at some point I am talking to one of the authoritative servers
>for .com, as I follow the delegation from root servers:
>$ dig time.com @H.GTLD-SERVERS.NET
>;; AUTHORITY SECTION:
>time.com. 172800 IN NS NS.PATHFINDER.com.
>time.com. 172800 IN NS NS2.PATHFINDER.com.
>time.com. 172800 IN NS NS3.TIMEINC.NET.
>time.com. 172800 IN NS NS4.TIMEINC.NET.
>;; ADDITIONAL SECTION:
>NS.PATHFINDER.com. 172800 IN A 184.108.40.206
>NS2.PATHFINDER.com. 172800 IN A 220.127.116.11
>NS3.TIMEINC.NET. 172800 IN A 18.104.22.168
>NS4.TIMEINC.NET. 172800 IN A 22.214.171.124
>so the server gives me four glue records, but it has no authority for
>two of them at they are outside .com.
>What the next step is going to be ?
>Putting the original query on hold and try to resolve names from .net,
>or it will go ahead and try to use one of the two "good ones" possibly
>ignoring the other two ? What if the servers in .com are not reachable,
>will ever try to use the .net servers ?
It'll use whatever glue it gets without discriminating by TLD. If it
encounters better, more "credible" information about the relevant names,
it'll overwrite whatever glue records it may have cached.
More information about the bind-users