On Mon, 20 Apr 2020 at 13:50, Tony Finch <d...@dotat.at> wrote: > Different registries have different rules about glue records. Some require > glue addresses for any nameserver that is a subdomain of the registry > (.com in this case), not just for in-bailiwick delegations. > > I call this "sibling glue". There was a fairly informative discussion > when I asked about it a few years ago: see the thread starting at > https://lists.dns-oarc.net/pipermail/dns-operations/2015-June/013402.html
So, from what I understand here, to create an NS record in .com a registrant must point it (for in-bailiwick) to an existing glue record (or create one for the owned domain). This automatically excludes pointing the NS record to NX domains or subdelegations for which he does not have the control of parent SLD (e.g. aws ec2 hostname). On Mon, 20 Apr 2020 at 14:51, Vladimír Čunát <vladimir.cunat+i...@nic.cz> wrote: > Let me add resolver point of view. > > As noted, these records are not required but are in bailiwick of .com, > so it's reasonable to trust their value and speed up resolution that > way. I believe there's nothing CloudFlare-specific in there. (For > example, Knot Resolver trusts these by default.) This raises another question, registries do not enforce the consistency between glue records and the same records served by the authoritative nameservers, right? In this case what could happen is that in the case of inconsistency, out-of-bailiwick domain and in-bailiwick are resolved through different nameservers IPs. Thanks a lot for the answers. Best Regards, Raffaele -- ________________________________ Raffaele Sommese Mail:raffyso...@gmail.com About me:https://about.me/r4ffy Gpg Key:http://www.r4ffy.info/Openpgp.asc GPG key ID: 0x830b1428cf91db2a on http://pgp.mit.edu:11371/ _______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
