In message <[email protected]>, Florian Weimer writes: > * Tony Finch: > > > A question for those who know more about registry rules than me... > > Practically speaking, a registry-style zone operator must filter out > sibling glue, or there will be domain hijacks. The zone operator does > not know the structure of the reselling chain and cannot determine if > two zones are run by the same entity and can therefore properly > cross-glued.
Total garbage. This is not the registry's job. The only thing the registry has to ensure is that glue records get added/modified/changed by the correct registrant. A can contract with B to serve the zone. It is up to A to update the delegation NS records as the contract changes. It is up to B to maintain the address records. It is up to the registry, A and B to periodically check that the NS records and the address records the registry holds match what are being served and when they don't to take steps to bring them back into consistency with each other. > I don't know if this is done consistently. Probably not. > > By the way, has anyone reviewed OpenStack Designate for such issues? > (It's supposed to support multiple tenants.) > _______________________________________________ > dns-operations mailing list > [email protected] > https://lists.dns-oarc.net/mailman/listinfo/dns-operations > dns-jobs mailing list > https://lists.dns-oarc.net/mailman/listinfo/dns-jobs -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: [email protected] _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
