[dns-operations] Verisign won't delete obsolete glue records?
dnsoarc at ext.deepcore.org
Tue Mar 2 20:19:08 UTC 2021
On Tue, Mar 2, 2021, at 15:10, Doug Barton wrote:
> For peace of mind I would much rather see the IP addresses in those host
> objects removed when they are not needed as glue, rather than being
> ignored, since that reduces the chance of a spurious glue record being
> published accidentally.
From experience there are a lot of deviations there among registries,
all stemming from the fact that a given host object can have its name changed,
which means it might go from not needing an IP address to needing one,
or the opposite situation, hence you can see things such as:
- some registries will force you to provide an IP if the initial name is internal
  (and refuse any IP address if the name is external, at creation time)
- some will instead refuse to let you use a given host object (that is, update a
  domain name to use it) in a situation where it would need to have an IP address
  and it doesn't have one yet.
- the state of the current IP address, if any, when the name is changed is also
  probably not handled uniformly.
All of that also means that what is displayed from RDAP/Whois will potentially be
different from what the DNS exposes. The DNS should publish only what it needs to work
(so not all host objects), while RDAP/Whois access has to show everything registered
in the registry database, even if not used, so all host objects will appear that way.
Also, external host objects (host objects on names not in TLDs operated by the registry)
can sometimes be shared among all registrars, or exist as duplicates, each
registrar having its own (if I recall correctly, too many cases to remember).