On Sat, 26 May 2001, tc lewis wrote:
>
> On Fri, 25 May 2001, Mark Jeftovic wrote:
> > I think, it's because in .com/.net/.org (NSI/Verisign registry) they put
> > glue records in the roots for each nameserver. If you had multiple
> > A recs for a given IP address, when it came time to change it, it would
> > require an exhaustive search of all the glue records in the root zone,
> > everytime.
>
> ip addresses don't have A records (well, it wouldn't do anything if they
> did, i should say); they have PTR records. your explanation is
> technically incorrect -- no such exhaustive search would take place.
>
Ok, let me rephrase, there are glue records in the roots. If you had to
change a glue record (like when you alter the IP address of a
nameserver) you would have to find all of them. If there is
only one, you don't.
When you think about it, the restriction makes sense iff you are keeping
glue records in the roots. If so, I could see all kinds of problems
ensue as "private labelled nameserver records" for lack of a better term
for it get orphanned or forgotten about when nameservers change IPs.
Take a simpler scenario now, where somebody once-upon-a-time creates
a nameserver record for www.example.com (bad move) and various domains
use it, and over the years drift elsewhere. Then comes the day when the
owner of example.com tries to change the A rec for www.example.com and
finds the change isn't propogating, why? Because of the stale glue record
in the roots. How to delete it? First you have to find the domain that
still has it delegated as a nameserver. How do you do that? Who knows.
Multiply above scenario by N where N is the number of extra nameserver
records with various different hostnames for a given IP and it gets messy.
The alternative is to not carry glue records in the roots, but this would
seem to violate RFC2870.
>
> > Also, it is not necessarily a 1-to-1 rule, you can legally go the other
> > way, round-robining a single nameserver record over multiple IP addresses.
>
> no you can't, at least not through opensrs, and i doubt through any other
> com/net/org registrar at the moment (until nsi switches to the new rrp).
>
I know of one:
[markjr@tex> whois "ho [EMAIL PROTECTED]"
[No name] (VRX-HST)
Hostname: NS1.VRX.NET
Address: 199.166.24.1 216.13.126.22
System: ? running ?
Coordinator:
Sexton, Richard J (RS79) [EMAIL PROTECTED]
VRx Network Services, Inc.
Maitland House
Bannockburn
Ontario
K0K 1Y0
CA
+1 (613) 473-1719 (FAX) n/a
Record last updated on 27-Mar-2001.
Database last updated on 25-May-2001 13:20:00 EDT.
[markjr@tex> dig @a.gtld-servers.net s ns1.vrx.net
;; ANSWER SECTION:
ns1.vrx.net. 2D IN A 199.166.24.1
ns1.vrx.net. 2D IN A 216.13.126.22
It may be a fluke but I think it was done intentionally, I seem to
remember commenting about it to Sexton the first time I noticed it.
-mark
--
mark jeftovic
http://www.easydns.com
http://mark.jeftovic.net
