SIBLING GLUE address records (A or AAAA)
Sergio Ramirez
In the following example, the authoritive server for
zone .xx has configured the delegations of the zones example.xx
and otherexample.xx:
example.xx NS ns1.example.xx
example.xx NS ns2.example.xx
ns1.example.xx A 11.22.33.44
ns2.example.xx A 11.22.33.55
otherexample.xx NS ns3.example.xx
otherexample.xx NS ns4.example.xx
the bind report these messages:
"ns3.example.xx has no SIBLING GLUE address records (A or AAAA)"
"ns4.example.xx has no SIBLING GLUE address records (A or AAAA)"
because the glue records are not configured in the zone .xx, for
ns3.example.xx and ns4.example.xx
Are these glue records requiered ?
I understand that is not. Is this right ?
Regards,
--
Sergio R.
Ben Croswell
Since the parent .xx is delegating to the second-level domains, if you do glue for all four DNS servers you are preventing a remote DNS server from having to go to the servers for example.xx to get the A records for the DNS servers for otherexample.xx.
--
Sergio R.
_______________________________________________
bind-users mailing list
bind-...@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
-Ben Croswell
Sergio Ramirez
But the problem is if the administrator of zone example.xx
decides to change the ip address of the ns3.example.xx and
ns4.example.xx, the glue records will be wrong.
--
Sergio R.
Ben Croswell escribi�:
> bind-...@lists.isc.org <mailto:bind-...@lists.isc.org>
Sebastian Castro
> Thanks for the answer Ben, I agree.
> But the problem is if the administrator of zone example.xx
> decides to change the ip address of the ns3.example.xx and
> ns4.example.xx, the glue records will be wrong.
That's why is usually a good idea to use nameservers under the domain
name being registered, to "allow" the registry to request for the
corresponding glue and add it to the parent zone.
Kind Regards
Sebastian Castro
> --
> Sergio R.
>
> Ben Croswell escribi�:
>> bind-...@lists.isc.org <mailto:bind-...@lists.isc.org>
Mark Andrews
In message <hadipa$o6m$1...@sepe.rau.edu.uy>, Sergio Ramirez writes:
> Hi,
>
> In the following example, the authoritive server for
> zone .xx has configured the delegations of the zones example.xx
> and otherexample.xx:
>
> example.xx NS ns1.example.xx
> example.xx NS ns2.example.xx
> ns1.example.xx A 11.22.33.44
> ns2.example.xx A 11.22.33.55
> otherexample.xx NS ns3.example.xx
> otherexample.xx NS ns4.example.xx
>
> the bind report these messages:
>
> "ns3.example.xx has no SIBLING GLUE address records (A or AAAA)"
> "ns4.example.xx has no SIBLING GLUE address records (A or AAAA)"
>
> because the glue records are not configured in the zone .xx, for
> ns3.example.xx and ns4.example.xx
>
> Are these glue records requiered ?
>
> I understand that is not. Is this right ?
>
> Regards,
> --
> Sergio R.
> _______________________________________________
> bind-users mailing list
> bind-...@lists.isc.org
Whether SIBLING GLUE is needed or not depends on what other glue
there is.
Take this example. The sibling glue is required for the delegation
to work.
otherexample.xx NS ns3.example.xx
otherexample.xx NS ns4.example.xx
example.xx NS ns1.otherexample.xx
example.xx NS ns2.otherexample.xx
There are even more complicated examples that require out of zone
glue to work.
Working out which glue is accepted is a trade-off between being
able to track down bad data and having a delegation work. Named
accepts and returns glue that is under the parent. Bad glue is
then traceable.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
Matus UHLAR - fantomas
> > <mailto:sram...@seciu.edu.uy>> wrote:
> > example.xx NS ns1.example.xx
> > example.xx NS ns2.example.xx
> > ns1.example.xx A 11.22.33.44
> > ns2.example.xx A 11.22.33.55
> > otherexample.xx NS ns3.example.xx
> > otherexample.xx NS ns4.example.xx
> >
> > the bind report these messages:
> >
> > "ns3.example.xx has no SIBLING GLUE address records (A or AAAA)"
> > "ns4.example.xx has no SIBLING GLUE address records (A or AAAA)"
> >
> > because the glue records are not configured in the zone .xx, for
> > ns3.example.xx and ns4.example.xx
> >
> > Are these glue records requiered ?
> Ben Croswell escribiďż˝:
> > Since the parent .xx is delegating to the second-level domains, if you
> > do glue for all four DNS servers you are preventing a remote DNS server
> > from having to go to the servers for example.xx to get the A records for
> > the DNS servers for otherexample.xx.
On 05.10.09 18:30, Sergio Ramirez wrote:
> But the problem is if the administrator of zone example.xx
> decides to change the ip address of the ns3.example.xx and
> ns4.example.xx, the glue records will be wrong.
otoh, if the administrator of example.xx decides to remove ns3 and ns4,
otherexample.xx won't be able to resolve.
Imho, the sibling glue records are bad, just because of your example. They
should not be put in domain - only example.xx maintainer should be allowed
to put glue records for example.xx into the .xx zone and only when they are
used for .xx zone.
And imho, domains should not be registered on servers that do not have their
glue records in the proper zone, .xx or other. That would spare servers from
many useless lookups.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Nothing is fool-proof to a talented fool.