> [EMAIL PROTECTED] wrote:
> >=20
> > but its not example.orgs call if ns.isi.edu changed its ip
> > address to 127.0.3.12... is it? that would be the call of the
> > admin for ns.isi.edu.=20
> >=20
> > and if there were no contact information on that nameserver in
> > the form of a HOST record in the whois or comments (w/ glue) in
> > the DNS, then debugging an apparent problem is going to be much
> > harder. one could ask if its a service that the .org registry
> > is willing to offer on behalf of its clients and the Internet
> > community,=20
>
> This mistake in direction of authority is made time after time when =
> we're discussing glue.
> We're all trying to see the DNS from top to bottom.
> And we try to fit glue into that model.
>
> Now when for delegations, the authority is indeed distributed from top =
> to bottom:
> Root->TLD->zone->host
>
> For glue, the direction is diffent:
> Host->zone->TLD->root
>
> So if a host admin wants to change his glue, he has to contact his =
> parent, in this case the zone admin.
> So I aggree with Ed, It's the zone admin that deals with the TLD when =
> the glue needs to be changed.
> He's the "administrative" owner of the in zone glue record with the TLD =
> because he accepted that task when he became te zone owner.
>
> In the cases where the host is used out of zone, no glue is nessecary, =
> so no incentive is needed from the host's parent.
> Changing the host's NS set then is a simple bilateral agreement between =
> host owner and zone owner. The TLD is not involved, and should not be =
> administrating IP addresses for these hosts.
Which unfortunately is a common misconception. Glue is ANY
address record that is required to avoid a deadlock in the
resolution process. When the nameserver lives in the zone
being delegated you always have a deadlock in the resolution
process. When a nameserver lives in a sibling zone you
sometimes have a deadlock. When the name is outside of the
parent zone you seldom have a deadlock in the resolution
process.
If nameservers all serve the zone that live in, you can
avoid deadlocks in the later two cases as the requisite
glue records will be in the parent (including grand parents)
zones.
If you disallow the last case, all glue will be in parent
(including grand parents) zones only. This is managable
from the point of view of finding and removing bad glue
as there is a fixed list of potential zones to examine
and update. BIND enforces this case in code.
> In cases where glue is nessecary, the zone admin has an incentive to =
> contact his parent to change the glue, otherwise his zone doesn't work.
> =20
> In the .nl registry system we only need glue for ns1.example.nl if it's =
> in the NS set of example.nl.
> The only one that can change the delegation of example.nl is that zone's =
> owner.
> Other ***.example.nl hosts which are not in the NS set of example.nl do =
> not need glue.
> Only if example.nl changes it's delegation, and a new ***.example.nl is =
> added to the NS set, we ask for the IP and add glue.
>
>
> Antoin Verschuren
>
> Technical Policy Advisor
> SIDN
> Utrechtseweg 310
> PO Box 5022
> 6802 EA Arnhem
> The Netherlands
>
> T +31 26 3525500
> F +31 26 3525505
> M +31 6 23368970
> E [EMAIL PROTECTED]
> W http://www.sidn.nl/
>
>
> _______________________________________________
> DNSOP mailing list
> [email protected]
> https://www1.ietf.org/mailman/listinfo/dnsop
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [EMAIL PROTECTED]
_______________________________________________
DNSOP mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dnsop
