michael at rancid.berkeley.edu
Sun Jun 19 17:37:51 UTC 2011
On 06/18/11 19:22, Casey Deccio wrote:
> In particular, if the
> name of the name server is itself in the subzone, we could be faced with
> the situation where the NS RRs tell us that in order to learn a name
> server's address, we should contact the server using the address we wish
> to learn. To fix this problem, a zone contains "glue" RRs which are not
> part of the authoritative data, and are address RRs for the servers.
> These RRs are only necessary if the name server's name is "below" the
> cut, and are only used as part of a referral response.
How many levels "below the cut"?
> Even if referring servers return such RRs, they are considered
> out-of-bailiwick, and resolvers should resolve the names, rather than
> trust the additional RRs. i.e., .org servers should not be handing
> out RRs under .edu. Hence the dependencies, which can get long and
> complicated, but they're part of the DNS.
I didn't say that they should--only that the ORG registrar (or registry)
may have to enforce that glue exist in EDU and vice versa. That's the
point of sibling glue.
More information about the bind-users