casey at deccio.net
Mon Jun 20 15:20:11 UTC 2011
On Sun, Jun 19, 2011 at 10:37 AM, Michael Sinatra
<michael at rancid.berkeley.edu> wrote:
> On 06/18/11 19:22, Casey Deccio wrote:
>> In particular, if the
>> name of the name server is itself in the subzone, we could be faced with
>> the situation where the NS RRs tell us that in order to learn a name
>> server's address, we should contact the server using the address we wish
>> to learn. To fix this problem, a zone contains "glue" RRs which are not
>> part of the authoritative data, and are address RRs for the servers.
>> These RRs are only necessary if the name server's name is "below" the
>> cut, and are only used as part of a referral response.
> How many levels "below the cut"?
It's arbitrary, but the context is names that are targets of NS RRs in
the delegating parent zone, e.g., edu to podunk.edu. It was not clear
to me from your example, but it appeared to me that dns.podunk.edu was
not directly delegated from edu, but that the podunk.edu zone existed
between edu and dns.podunk.edu. In that case, glue doesn't make sense
(to me, anyway) because it doesn't pertain to the zone being
delegated. In other words, this seems more like "uncle/nephew" glue
than "sibling" glue.
>> Even if referring servers return such RRs, they are considered
>> out-of-bailiwick, and resolvers should resolve the names, rather than
>> trust the additional RRs. i.e., .org servers should not be handing
>> out RRs under .edu. Hence the dependencies, which can get long and
>> complicated, but they're part of the DNS.
> I didn't say that they should--only that the ORG registrar (or registry) may
> have to enforce that glue exist in EDU and vice versa. That's the point of
> sibling glue.
Sorry, I misinterpreted your comments.
More information about the bind-users