On Aug 3 2009, Danny Mayer wrote:
Chris Thompson wrote:
[...]
You are misinterpreting what I said. Of course erroneous glue needs to be
corrected. But there is no need for the servers to return IP addresses
provided for glue as an *answer* to a query, as the *.gtld-servers.net ones
do, rather than giving a proper referral. (At least their answers are not
marked authoritative, unlike those from some other nameservers.)
It needs to be part of the answer if the nameserver is in the same
domain as the FQDN otherwise it won't know where to go for the answers.
That's the point of the glue.
It needs to be part of the *response*, not part of the *answer* (section).
In a referral, glue records appear in the additional section: the answer
section is empty.
When the *.gtld-servers.net servers are asked about dns3.potomacnetworks.com
(for example), they don't give a referral. They give an answer based on
what ought to be the glue record. This means that if the NS records for
potomacnetworks.com have not already been cached, a recursive nameserver
will believe this answer (and cache it). This would only be proper
behaviour if the *.gtld-servers.net were slaving (possibly stealth slaving)
potomacnetworks.com - which of course they aren't, but how is the poor
recursive nameserver to know that?
--
Chris Thompson
Email: c...@cam.ac.uk
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
