[dns-operations] Accurately identifying glue records
Peter Koch
pk at DENIC.DE
Tue May 16 08:33:53 UTC 2006
On Mon, May 15, 2006 at 11:35:15PM +0200, Roy Arends wrote:
> Does it judge the 'properness' of glue or the non-existence of it?
> (not that it needs to, just curious).
first off, it depends on the parent to respond with "glue" to an explicit
A RR query. Modern parents would send a referral.
> which happens to reside on nameservers with a 'org' name, glue should
> not be included. Not even when that same server is authoritative for
> that 'org' name. This out-of-bailiwick glue is poisonous and correct
> resolvers must ignore it. It only leads to inflated packets.
Well, that's about additional information, not "glue".
> Does it really matter where the glue in the additional section comes
> from ? Even when its through cached material instead of glue included
> in the zone. As long as the glue is in-bailiwick, the resolver can't
> tell.
The question should be phrased differently: "Does it really matter where the
data in the additional section originates from?" (because if you call it glue,
you've already answered the question.
And that's the basic point: what's John trying to solve with this script?
<ad shameless>For a discussion of "glue" vs. "additional information"
pls see draft-koch-dns-glue-clarifications-01.txt. For now I'll take comments
privately.</ad>
-Peter
More information about the dns-operations
mailing list