Edward Lewis <edlewis.subscri...@cox.net> writes:

> My concern with the glue records is more substantial. There are two
> use cases to consider.
>
> One case is where the addresses of the NS names are owned in a
> different (perhaps sub) zone. The other case is where the addresses
> are in a zone that is “above” the child but still under the parent -
> think multi-label deep parents.

I think your out-of-bailiwick use cases are certainly problematic, and not designed to be covered by this document. I.e., there is no way to indicate whether to pull glue from siblings or not within a particular zone, nor should there be. All you can say to pull is the NS record, which the CSYNC record provides. Clearly siblings are out of bailiwick and I don't think there is much to do or say here.

The harder case you pointed out is when it is a child of the child (or maybe more clearly: grandchild of the parent) that holds the address records for the NS record. Clearly this gives the impression that the child has some control over the address and when it's safe to pull vs when it's not. The CSYNC record can't really convey there is a zone break in this case, nor do I want the parent to attempt to determine in multiple-sub-levels that a zone break exists.

So how about this as a new sub-section of the operational considerations section:

4.3. Out-of-bailiwick NS Records

   When a zone contains NS records where the domain-name pointed at does not fall within the zone itself, there is no way for the parent to safely update the associated glue records. Thus, the child DNS operator MAY indicate that the NS records should be synchronized, and may set any glue record flags (A, AAAA) as well, but the parent will only update those glue records which are below the child's delegation point.

   Children deploying NS records pointing to domain-names within their own children (the "grandchildren") SHOULD ensure the grandchildren's associated glue records are properly set before publishing the CSYNC record. I.E., it is imperative that proper communication of synchronization efforts exist between the child and the grandchild.

[more later on the other subjects; I'm not ignoring them; just splitting them]

--
Wes Hardaker
Parsons

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
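
The rule in the proposed section 4.3, as an added example that is not part of the original message or of the CSYNC draft: a parent-side check that selects glue for update only when the NS target is at or below the child's delegation point. The function names and all zone names are constructed for illustration.

```python
# Added illustration of the proposed 4.3 rule; every name here is hypothetical.

def labels(name):
    """Split a domain name into lowercase labels, ignoring the trailing root dot."""
    return [part for part in name.lower().rstrip(".").split(".") if part]

def in_bailiwick(name, child_zone):
    """True if name is at or below the child's delegation point.

    The comparison is label by label: a plain string suffix test would
    wrongly accept ns.notchild.example. for the zone child.example.
    """
    n, z = labels(name), labels(child_zone)
    return len(n) >= len(z) and n[len(n) - len(z):] == z

def plan_glue_updates(child_zone, ns_targets, csync_types):
    """Return {ns_target: glue types the parent may synchronize}.

    csync_types is the set of type flags set in the child's CSYNC record.
    An empty list means the parent leaves that name's glue untouched.
    """
    glue_types = sorted(t for t in csync_types if t in ("A", "AAAA"))
    return {
        target: list(glue_types) if in_bailiwick(target, child_zone) else []
        for target in ns_targets
    }

# Constructed sample delegation: parent example., child child.example.
SAMPLE_CHILD = "child.example."
SAMPLE_NS_TARGETS = [
    "ns1.child.example.",      # inside the child zone
    "ns1.sub.child.example.",  # grandchild: below the delegation point, so it
                               # is updated; the parent cannot see the zone
                               # break, hence the SHOULD on child coordination
    "ns.sibling.example.",     # sibling zone: out of bailiwick
    "ns.notchild.example.",    # shares a string suffix only, not a label suffix
    "ns.elsewhere.test.",      # unrelated zone
]

if __name__ == "__main__":
    plan = plan_glue_updates(SAMPLE_CHILD, SAMPLE_NS_TARGETS, {"NS", "A", "AAAA"})
    for target, types in plan.items():
        print(f"{target:26} -> {', '.join(types) or 'no glue update'}")
```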