[dns-operations] Reporting glue as authoritive data -- Bug!

Mark Andrews Mark_Andrews at isc.org
Fri Feb 1 01:22:03 UTC 2008

> At 4:58 +0000 1/31/08, Paul Vixie wrote:
> >plenty of delegation-only domains including TLD's are served by all-BIND9,
> >and so would already have hit this problem if it were still a problem.
> I don't agree with that logic.
>  From my perspective there are two cases in which I have seen hybrids. 
> I've described them before, now I'll call them the ARPA one and the 
> Ultra one.
> The ARPA one I know full well, it was a unique case of ARPA-NET-COM 
> interrelations.  Other TLDs might have a few cases of this double 
> side step, but it ARPA is rife with it.  Because this hits NET and 
> COM, Verisign's ATLAS is pretty well justified in using hybrids.  And 
> it might be that is it the only place they are needed.  My point 
> being, it might be that this is a problem unique to what COM and NET 
> see - or more accurately - have seen (in the past).

	The extra lookup would be a problem for ARPA regardless of
	which tld the server is in as it as almost no delegations
	are to servers in ARPA.  This adds a extra level of indirection
	that is not found in other TLDs.

	COM/NET introduces extra problems because they can support
	delegations that require glue outside of the individual
	TLD (COM or NET).

	Other TLDs don't support such delegations, the most they
	support is delegations that require sibling glue.  Attempts
	to setup delegations that require external glue fail.

	Changing COM and NET's glue acceptance policy to only publish
	glue for nameservers which are within the the relevent zone
	would bring them into line with all other TLDs.

Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org

More information about the dns-operations mailing list