nameserver registration

Michael Sinatra michael at
Sun Jun 19 17:37:51 UTC 2011

On 06/18/11 19:22, Casey Deccio wrote:

> In particular, if the
> name of the name server is itself in the subzone, we could be faced with
> the situation where the NS RRs tell us that in order to learn a name
> server's address, we should contact the server using the address we wish
> to learn.  To fix this problem, a zone contains "glue" RRs which are not
> part of the authoritative data, and are address RRs for the servers.
> These RRs are only necessary if the name server's name is "below" the
> cut, and are only used as part of a referral response.

How many levels "below the cut"?

> Even if referring servers return such RRs, they are considered
> out-of-bailiwick, and resolvers should resolve the names, rather than
> trust the additional RRs.  i.e., .org servers should not be handing
> out RRs under .edu.  Hence the dependencies, which can get long and
> complicated, but they're part of the DNS.

I didn't say that they should--only that the ORG registrar (or registry) 
may have to enforce that glue exist in EDU and vice versa.  That's the 
point of sibling glue.


More information about the bind-users mailing list