DNS: how to verify glue NS records?

Mark Andrews marka at isc.org
Fri Dec 5 22:56:30 UTC 2014

In message <548223DD.2050609 at mail.ru>, Alexei Malinin writes:
> On 12/05/14 23:33, Mark Andrews wrote:
> > ...
> > With all this said a RFC 2317 parent really should let their zone
> > be transfered as the child zone administrator needs a local copy
> > of the zone for when their external link goes down.  If they do not
> > have a local copy then reverse lookups will fail once the cached
> > CNAME records expire.
> >
> > If your ISP uses RFC 2317 and doesn't allow you to transfer the
> > zone go find a ISP knows what they are doing.
> Hello Mark.
> Thank you for pointing to this feature. Do you know any
> RFC/IANA/RIPE/etc documents which recommend to or require from the
> administrators of such RFC2317 parent servers to allow zone transfers to
> slave name servers in this case (it's difficult to convince my ISP)?

There are none and there shouldn't have to be any.  If the paragraph
about is not enough find a different provider.  Your current provider
does not have enough clue.

That said one could rev RFC 2317 to add such a directive.  The dnsop
working group at the IETF would be the place to send a RFC 2317 bis
internet draft.  Working groups are open to anyone.  Just join the
mailing list and contribute.

If you want you could also contact the authors of RFC2317 saying
that you want to do this.  They may even have the old nroff versions
you could use as a starting point.  Paul Vixie current email address
is paul at redbarn.org.



