BIND 9 seems to be hiding necessary glue at the apex

Lars-Johan Liman liman at
Fri May 29 10:15:00 UTC 2015

[Using my old e-mail address, due to old list subscription. Will be
fixed. Please respond to liman at]


I think I tend to support Mark here, but it's a battle between "right"
and "expected".

In addition:

If you decide to publish text on this, can I ask you to start your text
with stating the circumstances: that you're discussing a thought (or
experimental) setup which is different from what's currently operating
on the public Internet, and that you want to have a server that is
authoritative the root but which is _not_ also authoritative for the
names used to carry the addresses for the root servers used (i.e., the names using the public root as an example). It took me
three reads of your text until I groked that part. ;-) (Maybe that's
already in the full text?)

Also, can I ask you to be a bit firmer with terminology. That a server
"serves" data doesn't really tell me that it's authoritative for it, and
that confused me a bit too.

But I would be truly interested in learning how large fraction of
resolvers (or how many users) actually depend on the glue being served
in the additional section, so that we know what we're up against if
things change in the future, and so that we can inform code writers to
write code that _doesn't_ expect this.

# Lars-Johan Liman, M.Sc.               !  E-mail: liman at
# Senior Systems Specialist             !  Tel: +46 8 - 562 860 12
# Netnod Internet Exchange, Stockholm   !

More information about the bind-workers mailing list