[dns-operations] is glue expected in this case?

Joe Abley jabley at hopcount.ca
Fri Jan 25 06:05:15 UTC 2019


On 24 Jan 2019, at 07:34, Tony Finch <dot at dotat.at> wrote:

> Veaceslav Revutchi <slavarevutchi at gmail.com> wrote:
> 
>> I would expect this glue to be present at the tld if
>> ns-1281.awsdns-32.org was one of the name servers for awsdns-32.org
>> which is not the case. Is there another reason for this record to be
>> kept in the org zone?
> 
> My understanding is that most (not all) registries use a data model with
> separate domain and host objects, and these registries require a host
> object to exist for any NS record that is a child of any of the TLDs in
> the registry. [.com, .net, and .edu share a registry, for example] Whether
> a host object has to have addresses is a bit unclear to me:

I think (at least at one time) the working rule was that host objects should have populated address attributes if the name of the host was subordinate to a zone being published from the registry. As I remember it, this was mainly a rule because it was simple to understand by everybody and simple to code.

> the minimal
> requirement from the DNS is that an NS target should have glue if it is a
> child of the NS owner, but registries can require addresses in more
> situations than the DNS needs.

Yeah.

An additional wrinkle is that just because a host object has addresses doesn't mean that they will necessarily be published in the zone. It is reasonable to suppress a glue record from a host object that exists if there are no delegations that reference them, for example (perhaps the corresponding domain objects have been deleted, or suspended, or otherwise suppressed from publication) even if the domain that is superordinate to the host name is delegated.

> There's also some complication about
> whether a host object in the registry is actually published in the zone
> (for instance glue should be omitted if the parent domain is cancelled so
> it isn't promoted to authoritative data, but there may be other more
> obscure cases).

There have been cases where people tried to game registries into hosting such promoted records in the past, and I would hope that most people who run registries are careful about that these days.

Maybe the regiops people would have useful things to say with less handwaving than I am doing :-)


Joe
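
The publication rules discussed in this thread, combined into one possible policy as an added example. This is not code from the thread or from any registry; the Domain and Host classes, the function names and the sample data are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Domain:                 # hypothetical registry domain object
    name: str
    nameservers: list
    published: bool = True    # False: deleted, suspended or otherwise withheld

@dataclass
class Host:                   # hypothetical registry host object
    name: str
    addresses: list

def is_under(name, zone):
    """True if name is equal to or subordinate to zone."""
    name, zone = name.lower().rstrip("."), zone.lower().rstrip(".")
    return name == zone or name.endswith("." + zone)

def glue_to_publish(tld, domains, hosts):
    """Return {host name: addresses} for glue that belongs in the TLD zone."""
    live = [d for d in domains if d.published]
    referenced = {ns.lower() for d in live for ns in d.nameservers}
    glue = {}
    for h in hosts:
        name = h.name.lower()
        if not h.addresses or not is_under(name, tld):
            continue          # nothing to publish, or not in this registry's zone
        if name not in referenced:
            continue          # no published delegation references this host
        if not any(is_under(name, d.name) for d in live):
            continue          # superordinate domain is not delegated, so the
                              # record would be promoted to authoritative data
        glue[name] = list(h.addresses)
    return glue

# Constructed sample data (documentation names and addresses).
DOMAINS = [
    Domain("dnshost.example", ["ns1.provider.test"]),
    Domain("customer.example", ["ns-1.dnshost.example", "ns1.gone.example"]),
    Domain("gone.example", ["ns1.gone.example"], published=False),
]
HOSTS = [
    Host("ns-1.dnshost.example", ["192.0.2.53"]),    # not an NS of dnshost.example itself
    Host("ns-old.dnshost.example", ["192.0.2.54"]),  # referenced by no delegation
    Host("ns1.gone.example", ["192.0.2.55"]),        # parent domain cancelled
    Host("ns1.provider.test", ["192.0.2.56"]),       # outside the TLD
]

if __name__ == "__main__":
    print(glue_to_publish("example", DOMAINS, HOSTS))
```

Only ns-1.dnshost.example is published: it is referenced by a live delegation under a delegated parent, even though it is not a name server for dnshost.example itself, which is the situation the original question asks about.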


