[dns-operations] Verisign won't delete obsolete glue records?
ajs at anvilwalrusden.com
Tue Mar 2 19:49:14 UTC 2021
On Mon, Mar 01, 2021 at 04:35:47PM -0800, Doug Barton wrote:
>Perhaps I didn't ask my question clearly enough. Let's take a
>delegation for example.com to ns1.example.info and ns2.example.info.
>There will be no host records at Verisign for those two names, right?
If the registry uses both domain objects and host objects, then there will be host objects in the EPP registry for ns1.example.info and ns2.example.info, but neither is permitted to have an IP address in the com registry because they're out-of-bailiwick and therefore the IP addresses are forbidden. In addition, the glue can't show up in the com zone file because it's out of bailiwick. All you need to do is tell the registry to use those hosts as nameservers. You need to update the host data in the .info database, presuming those hosts are in use as nameservers there, in order that the IP data be correct there. (This is important because there are still resolvers -- last I heard, 220.127.116.11 was among them, but I could be out of date -- that are parent-sticky and so will cache and use the glue data from the parent side of the zone cut.)
Some registries will not allow host objects to be associated with a domain object that is sponsored by someone else (i.e. with a different registrar). So, for instance, if anvilwalrusden.com is registered through registrarA and example.com is registered through registrarB, there can be registry policy forbidding an association between anvilwalrusden.com and ns1.example.com, on the grounds that example.com could expire and this would force anvilwalrusden.com to be lame. (The EPP rules IIRC forbid deleting example.com when ns1.example.com still exists, but because registries exist to rent domain names they don't like to keep them around unpaid. So ns1.example.com often gets renamed to ns1.example.com.lame-delegation.invalid or something like that, in order to solve this. I will note that this can create big contention in the registry and at least one former colleague of mine broke the EPP host update command on purpose because of registry database problems.)
Hope that helps. If that doesn't answer your question, then I think I've misunderstood you.
 There is a mode of EPP in which nameservers are properties of domain objects instead of first-class objects that are associated, but AFAIK anyone who thought that was a good idea gave it up. If you renumber a host in such a case you have to update every associated domain, and there isn't really a way to look it up.
ajs at anvilwalrusden.com
More information about the dns-operations