Glue records for secondary NS
casey at deccio.net
Fri Dec 5 17:30:22 UTC 2014
On Fri, Dec 5, 2014 at 11:47 AM, Robert Moskowitz <rgm at htt-consult.com>
> I have 3 secondaries run by other domains. This was to give me some
> geo-diversity. How do I create glue records for them? My registrar only
> lets me create glue records within my domain (the web form pre-provides the
> domain part of the fqdn).
Short answer: you don't need, nor should you configure glue, for the
servers run by the other domains.
Glue is only necessary if the server names (i.e., the NS targets) are
subdomains of the child zone. The reason why they are necessary is to
prevent a resolution loop. Here is the relevant text from RFC 1034
(section 4.2.1) :
"In particular, if the name of the name server is itself in the subzone, we
could be faced with the situation where the NS RRs tell us that in order to
learn a name server's address, we should contact the server using the
address we wish to learn. To fix this problem, a zone contains "glue" RRs
which are not part of the authoritative data, and are address RRs for the
servers. These RRs are only necessary if the name server's name is "below"
the cut, and are only used as part of a referral response."
If the server names are not subdomains of the delegated child zone (e.g.,
your case), then the resolver learns the addresses of the names using the
normal resolution process. Here is the relevant text from RFC 1034
(section 5.3.3) :
"These NS RRs list the names of hosts for a zone at or above SNAME. Copy
the names into SLIST. Set up their addresses using local data. It may
be the case that the addresses are not available. The resolver has many
choices here; the best is to start parallel resolver processes looking
for the addresses while continuing onward with the addresses which are
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the bind-users