A question for those who know more about registry rules than me... In the .example zone there can be five kinds of delegation NS record (taking each record separately rather than the whole delegation NS RRset). The requirements I am stating below are from the DNS point of view rather than from the registry point of view.
glue-forbidden.example. IN NS ns0.example.net. ; ; You must not provide glue when the name server host name is not a ; subdomain of the parent domain (.example in this case). not-glue.example. IN NS ns1.example. ; ; A child zone's name server host name can be in the authoritative data ; for the parent zone. This isn't glue. glue-required.example. IN NS ns2.glue-required.example. ; ; You must provide glue when a child zone has a name server whose host ; name is a subdomain of the child zone's apex. ; There are two cases where a child zone has a name server whose host name ; is a subdomain of a different sibling child zone of the same parent zone. sibling-must-glue.example. IN NS ns2.glue-required.example. ; ; The name server of this child zone can also be a name server of its ; sibling zone, in which case the sibling delegation must provide glue. sibling-may-glue.example. IN NS ns3.sibling.example. ; ; The name server of this child zone can be a subdomain of its sibling ; zone but not a name server for the sibling zone. Glue is optional in ; this case. So, to a large extent, you can update a delegation knowing only data that is in the child zone. (You might also need to know about descendent zones, for cases like cam.ac.uk. IN NS dns0.cl.cam.ac.uk.) But it gets tricky if the registry requires sibling glue, since that means an update might need to know (or find out) quite a lot of contextual information. How common is it for registries to require glue for cases like sibling-may-glue.example? I suppose it makes sense from the registry point of view to require glue for all names which are subdomains of the parent zone; that means a host object can be attached to any domain object without having to worry if the delegation might lack glue that it needs. Also I get the vague impression that sibling delegations can cause interesting problems wrt ownership of host objects. For instance, is it normal for client A to be able to create host objects under a domain owned by client B? (These are edge cases which I can easily ignore, but they are annoyingly awkward...) Tony. -- f.anthony.n.finch <[email protected]> http://dotat.at/ Dogger: Northwest 5 or 6, becoming variable 3 or 4 later. Moderate, occasionally slight later. Fair. Good. _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
