--- Begin Message ---
> On Mar 2, 2021, at 12:10 PM, Doug Barton <[email protected]> wrote:
>
> On 3/2/21 11:49 AM, Andrew Sullivan wrote:
>> On Mon, Mar 01, 2021 at 04:35:47PM -0800, Doug Barton wrote:
>>>
>>>
>>> Perhaps I didn't ask my question clearly enough. Let's take a delegation
>>> for example.com to ns1.example.info and ns2.example.info. There will be no
>>> host records at Verisign for those two names, right?
>> If the registry uses both domain objects and host objects ...
>
> I think you missed my followup where I indicated that from what I can see,
> Verisign is creating host objects for every host mentioned in a delegation
> regardless of bailiwick, but not putting glue records into the zone where
> they are not needed.
Hi Doug,
Verisign does not create these on its own, but rather requires the registrant
to set at least one IP address on what the EPP RFC 5732 calls an "internal
host." Any .COM or .NET host in the registry is considered an internal host.
An internal host can be used as a delegating name server for any .COM or .NET
domain in the registry. The delegation is made in the registry on the creation
of a domain or an update of a domain. The host must exist prior to the
delegation from a domain, so they must be set with the IP addresses to cover
the case of an in-bailiwick name server.
You said "but not putting glue records into the zone where they are not
needed." The only time something like that would happen is for what is called
orphan glue. As has been discussed on this list before, Verisign does not
publish orphan glue records in the zone files you can get (e.g. via CZDS) but
will include orphan glue records in DNS delegation responses when needed. But
I don't think that's what's happening in your case.
DW
>
> For peace of mind I would much rather see the IP addresses in those host
> objects removed when they are not needed as glue, rather than being ignored,
> since that reduces the chance of a spurious glue record being published
> accidentally.
>
> Doug
> _______________________________________________
> dns-operations mailing list
> [email protected]
> https://secure-web.cisco.com/11YBI52gE988BTx9qH-YZJ5y3kkSasGz65vyjTzgs3vqRFY7nRoAyfkfxumG1bZPJotjwx4uuIjryH2_f8ueNVktf2X_rFnINGggkxbDxCA3Q0NreJNioDmaQpThWqEd49BUHiEjovZuDVKmAzbGVW1Ky5NolUVR-KMq4Qs-JhSSIZ7hQyTxFf-iwVJe6snj2oLUXSiDqfX2DSPEjtQkxA67-QfywcNTu_e6hvxvMa_Dl_xNgiwCu5J28JCNaZIr2_7o8VDqqoCjcINVEQFSiBg/https%3A%2F%2Flists.dns-oarc.net%2Fmailman%2Flistinfo%2Fdns-operations
>
smime.p7s
Description: S/MIME cryptographic signature
--- End Message ---
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
