[dns-operations] Reporting glue as authoritive data -- Bug!

Frederico A C Neves fneves at registro.br
Mon Jan 28 13:32:31 UTC 2008


On Sat, Jan 26, 2008 at 11:18:13AM +1100, Mark Andrews wrote:
> 
> > On 25-Jan-2008, at 11:39, Edward Lewis wrote:
> > 
> > >> No matter what the DNS outputs, if the glue is not updated  
> > >> correctly we will have problems.  That's the rool of the evil.  The  
> > >> secondary effect is 'it's a matter of how troubleshootable it is.'   
> > >> If the glue is completely out of whack it'll be obvious.  When the  
> > >> glue is partly out of whack (like one address still works and the  
> > >> other doesn't) it takes an experienced hand to tell what's going on  
> > >> with the current set of tools and documentation.
> > 
> > Out-of-date glue is going to cause headaches, no question.
> > 
> > However, there's a difference between the problem being simply a lame  
> > delegation at one of several available nameservers (which might well  
> > have no observable impact) and the problem manifesting itself as a  
> > random distribution of cached A records which looks like a cache  
> > expiry problem, but isn't.
> > 
> > I don't know that there's an answer to this, but at least I got to  
> > share my pain :-)
> 
> 	Follow the requirements of RFC 1034 and have the registry
> 	check that the glue matches the zone contents then perform
> 	whatever proceedure they have to inform the registrant.  If
> 	that means going through the a registrar then so be it.
> 
> 	Yes that means you have to set up proceedures to do this.
> 	Yes you may get the odd complaint.
> 	Yes you will get the odd "thank you".
> 	Yes the DNS will work better for *everyone* if you do this.

You are undoubtedly right. We have being doing this for a decade and
the benefits are much larger than the costs.

Fred



More information about the dns-operations mailing list