Hi, On Thu, Mar 04, 2021 at 04:15:42PM +0000, Tony Finch wrote:
As far as I know, registries that don't have separate host objects require glue in fewer situations than Verisign-style registries.
I don't think this is true, and I don't think the model requires it either.
For example, if I change the delegation for dotat.at to include ns.example.at, I don't provide an IP address for ns.example.at because it doesn't belong to me, and the owner of example.at would not be able to keep my copy of the address of ns.example.at correct.
Yes. But in a host-object registry, the owner of the host object needs to update the glue, and just in case it is required. RFC 5732 says, "When a host object is provisioned for use as a DNS name server, IP addresses SHOULD be required only as needed to generate DNS glue records." To me, this means that the IP need not be required on internal hosts if the host is not the nameserver of the domain in question (EPP calls them "superordinate" and "subordinate", but I think most of us would say "parent" and "child"). There is an argument to be made that a host object should be prevented from getting an IP address attribute unless the sponsor (most people would say "registrar") of the domain object is the sponsor of the host object. I know ther e is such an arugment because I made it pretty forcefully one time (I lost ;-) ) The disadvantage of a nameserver-attribute arrangement is that, if the domain in question gets deleted, there isn't really a way within EPP to refuse that, because there's no necessary relationship between the nameserver attributes (they're just attributes, after all) and the domain object that is being removed. So there's a greater opportunity to create lame delegations. Best regards, A -- Andrew Sullivan [email protected] _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
