SIBLING GLUE address records (A or AAAA)

Matus UHLAR - fantomas uhlar at fantomas.sk
Tue Oct 6 20:19:54 UTC 2009


> > On Mon, Oct 5, 2009 at 3:59 PM, Sergio Ramirez <sramirez at seciu.edu.uy
> > <mailto:sramirez at seciu.edu.uy>> wrote:
> >     example.xx  NS  ns1.example.xx
> >     example.xx  NS  ns2.example.xx
> >     ns1.example.xx A  11.22.33.44
> >     ns2.example.xx A  11.22.33.55
> >     otherexample.xx NS ns3.example.xx
> >     otherexample.xx NS ns4.example.xx
> > 
> >     the bind report these messages:
> > 
> >     "ns3.example.xx has no SIBLING GLUE address records (A or AAAA)"
> >     "ns4.example.xx has no SIBLING GLUE address records (A or AAAA)"
> > 
> >     because the glue records are not configured in the zone .xx, for
> >     ns3.example.xx and ns4.example.xx
> > 
> >     Are these glue records requiered ?

> Ben Croswell escribió:
> > Since the parent .xx is delegating to the second-level domains, if you
> > do glue for all four DNS servers you are preventing a remote DNS server
> > from having to go to the servers for example.xx to get the A records for
> > the DNS servers for otherexample.xx.

On 05.10.09 18:30, Sergio Ramirez wrote:
> But the problem is if the administrator of zone example.xx
> decides to change the ip address of the ns3.example.xx and
> ns4.example.xx,  the glue records will be wrong.

otoh, if the administrator of example.xx decides to remove ns3 and ns4,
otherexample.xx won't be able to resolve.

Imho, the sibling glue records are bad, just because of your example. They
should not be put in domain - only example.xx maintainer should be allowed
to put glue records for example.xx into the .xx zone and only when they are
used for .xx zone.

And imho, domains should not be registered on servers that do not have their
glue records in the proper zone, .xx or other. That would spare servers from
many useless lookups.
-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Nothing is fool-proof to a talented fool. 



More information about the bind-users mailing list