[dns-operations] Concerns regarding the ICANN/IANA DNS vulnerability checker

Peter Koch pk at DENIC.DE
Tue Aug 19 14:16:04 UTC 2008


On Tue, Aug 19, 2008 at 01:59:08PM +0200, Roy Arends wrote:

> Glue records in the additional section is at times needed to get to  
> the proper authoritative server.

true for referrals.

> Authoritative servers might get those glue records from cache.

Disagree. The additional section might be filled from the cache (or even
from authoritative data), but then it's not glue. Glue is about data
origin and is but one source for additional data.

> Another reason, and this is not that known, is that the authoritative  
> server needs to notify others at times, and needs to resolve and cache  
> those addresses, despite its configuration.

Yes, and whether this information should be used for anything else but
sending NOTIFY messages, is arguable.

-Peter



More information about the dns-operations mailing list