[dns-operations] Verisign won't delete obsolete glue records?

Andrew Sullivan ajs at anvilwalrusden.com
Tue Mar 2 21:56:23 UTC 2021

On Tue, Mar 02, 2021 at 12:10:44PM -0800, Doug Barton wrote:
>I think you missed my followup where I indicated that from what I can 
>see, Verisign is creating host objects for every host mentioned in a 
>delegation regardless of bailiwick, but not putting glue records into 
>the zone where they are not needed.

Verisign definitely uses host objects, and _has to_ have a host object for any name that is referred to as a name server.  That's just how EPP operates.

I think I didn't actually understand your followup.  Is the problem that there is an out-of-bailiwick host object that has an IP address?  Is this a legacy object such that, for instance, the registry used to be authoritative for foo., bar., and baz. and now it is only authoritative for foo. and bar. but the host object is in baz.?  I wouldn't be surprised to learn there are such things around with old IP addresses, but they can't get published anyway, right?  I mean?…

>For peace of mind I would much rather see the IP addresses in those 
>host objects removed when they are not needed as glue, rather than 
>being ignored, since that reduces the chance of a spurious glue record 
>being published accidentally.

… _how_ would they get "published accidentally"?  In what zone?  Glue records underneath baz. can't be published in the foo. or bar. zones no matter what: they're out-of-bailiwick and I'm unaware of any nameserver that would either publish such a record or, if it were received, accept it.

Best regards,


Andrew Sullivan
ajs at anvilwalrusden.com
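
The bailiwick rule discussed in this message, as an added Python example that is not part of the original post or of any registry's code: it audits a set of host objects and separates addresses that could be published as glue in one of the registry's zones from addresses left on out-of-bailiwick host objects. The zone list, host names, addresses and function names are all constructed for illustration, and the "most specific zone" choice is an assumption of this sketch.

```python
# Added illustration. Zone names, host names and addresses are constructed sample data.

def labels(name):
    """Lower-cased labels of a domain name, ignoring any trailing dot."""
    return [part for part in name.lower().rstrip(".").split(".") if part]

def in_bailiwick(host, zone):
    """True if host is at or below zone, compared label by label (not by string suffix)."""
    h, z = labels(host), labels(zone)
    return len(h) >= len(z) and h[len(h) - len(z):] == z

def audit_host_objects(registry_zones, host_objects):
    """Split host-object addresses into glue candidates per zone and stale leftovers."""
    glue = {zone: [] for zone in registry_zones}
    stale = []
    for host, addresses in sorted(host_objects.items()):
        matches = [z for z in registry_zones if in_bailiwick(host, z)]
        if matches:
            # Assumption of this sketch: file the host under the most specific zone.
            zone = max(matches, key=lambda z: len(labels(z)))
            glue[zone].extend((host, addr) for addr in addresses)
        elif addresses:
            # Out-of-bailiwick host object that still carries addresses:
            # not publishable in any registry zone, so a cleanup candidate.
            stale.append((host, list(addresses)))
    return glue, stale

# Constructed sample: the registry is authoritative for foo. and bar. only.
REGISTRY_ZONES = ["foo.", "bar."]
HOST_OBJECTS = {
    "ns1.example.foo.": ["192.0.2.1"],
    "NS2.Example.BAR": ["2001:db8::2"],   # case and missing trailing dot are normalised
    "ns1.legacy.baz.": ["192.0.2.53"],    # legacy object under a zone no longer served
    "ns.notfoo.": ["192.0.2.9"],          # ends in "foo." as a string, but not as a label
    "ns3.example.net.": [],               # out-of-bailiwick with no address: nothing to flag
}

if __name__ == "__main__":
    glue, stale = audit_host_objects(REGISTRY_ZONES, HOST_OBJECTS)
    for zone, records in glue.items():
        print(zone, "glue candidates:", records)
    print("addresses on out-of-bailiwick host objects:", stale)
```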
