Re: [dns-operations] Cloudflare Rose and Rick in .com authoritative Nameserver
On Mon, Apr 20, 2020 at 03:40:56PM +0200, Raffaele Sommese wrote a message of 35 lines which said: > registries do not enforce the consistency between glue records and > the same records served by the authoritative nameservers, right? Some do, some don't. That's the beauty of the Internet:-) "It depends." ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
Re: [dns-operations] Cloudflare Rose and Rick in .com authoritative Nameserver
On Monday, 20 April 2020 12:51:15 UTC Vladimír Čunát wrote: > ... > > As noted, these records are not required but are in bailiwick of .com, > so it's reasonable to trust their value and speed up resolution that > way. I believe there's nothing CloudFlare-specific in there. (For > example, Knot Resolver trusts these by default.) +1. -- Paul ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
Re: [dns-operations] Cloudflare Rose and Rick in .com authoritative Nameserver
On Mon, 20 Apr 2020 at 13:50, Tony Finch wrote: > Different registries have different rules about glue records. Some require > glue addresses for any nameserver that is a subdomain of the registry > (.com in this case), not just for in-bailiwick delegations. > > I call this "sibling glue". There was a fairly informative discussion > when I asked about it a few years ago: see the thread starting at > https://lists.dns-oarc.net/pipermail/dns-operations/2015-June/013402.html So, from what I understand here, to create an NS record in .com a registrant must point it (for in-bailiwick) to an existing glue record (or create one for the owned domain). This automatically excludes pointing the NS record to NX domains or subdelegations for which he does not have the control of parent SLD (e.g. aws ec2 hostname). On Mon, 20 Apr 2020 at 14:51, Vladimír Čunát wrote: > Let me add resolver point of view. > > As noted, these records are not required but are in bailiwick of .com, > so it's reasonable to trust their value and speed up resolution that > way. I believe there's nothing CloudFlare-specific in there. (For > example, Knot Resolver trusts these by default.) This raises another question, registries do not enforce the consistency between glue records and the same records served by the authoritative nameservers, right? In this case what could happen is that in the case of inconsistency, out-of-bailiwick domain and in-bailiwick are resolved through different nameservers IPs. Thanks a lot for the answers. Best Regards, Raffaele -- Raffaele Sommese Mail:raffyso...@gmail.com About me:https://about.me/r4ffy Gpg Key:http://www.r4ffy.info/Openpgp.asc GPG key ID: 0x830b1428cf91db2a on http://pgp.mit.edu:11371/ ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
Re: [dns-operations] Cloudflare Rose and Rick in .com authoritative Nameserver
On 4/20/20 12:24 PM, Raffaele Sommese wrote: > So, why these records are in the .com authoritative server? Is it > optimization for Cloudflare? Let me add resolver point of view. As noted, these records are not required but are in bailiwick of .com, so it's reasonable to trust their value and speed up resolution that way. I believe there's nothing CloudFlare-specific in there. (For example, Knot Resolver trusts these by default.) --Vladimir ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
Re: [dns-operations] Cloudflare Rose and Rick in .com authoritative Nameserver
Raffaele Sommese wrote: > > Rose and Rick are not in-bailiwick records required for the resolution > of cloudflare.com (that use ns3-ns7.cloudflare.com as authoritative > NS). > > So, why these records are in the .com authoritative server? Different registries have different rules about glue records. Some require glue addresses for any nameserver that is a subdomain of the registry (.com in this case), not just for in-bailiwick delegations. I call this "sibling glue". There was a fairly informative discussion when I asked about it a few years ago: see the thread starting at https://lists.dns-oarc.net/pipermail/dns-operations/2015-June/013402.html Tony. -- f.anthony.n.finchhttp://dotat.at/ Biscay, East Fitzroy: Cyclonic 4 or 5, occasionally 6 in north, becoming variable 3 at times. Slight or moderate becoming moderate or rough. Showers. Good, occasionally moderate. ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
[dns-operations] Cloudflare Rose and Rick in .com authoritative Nameserver
Hi Folks, I have a question if I run "dig NS EMBLEY.COM @a.gtld-servers.com", I receive: ;; AUTHORITY SECTION: EMBLEY.COM. 172800 IN NS rick.ns.cloudflare.COM. EMBLEY.COM. 172800 IN NS rose.ns.cloudflare.COM. ;; ADDITIONAL SECTION: rick.ns.cloudflare.COM. 172800 IN A 173.245.59.139 rick.ns.cloudflare.COM. 172800 IN 2606:4700:58::adf5:3b8b rose.ns.cloudflare.COM. 172800 IN A 173.245.58.141 rose.ns.cloudflare.COM. 172800 IN 2606:4700:50::adf5:3a8d Rose and Rick are not in-bailiwick records required for the resolution of cloudflare.com (that use ns3-ns7.cloudflare.com as authoritative NS). So, why these records are in the .com authoritative server? Is it optimization for Cloudflare? Thanks, Raffaele -- Raffaele Sommese Mail:raffyso...@gmail.com About me:https://about.me/r4ffy Gpg Key:http://www.r4ffy.info/Openpgp.asc GPG key ID: 0x830b1428cf91db2a on http://pgp.mit.edu:11371/ ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations