Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

delegation-only message

0 views
Skip to first unread message

CharlesH

unread,
Apr 6, 2004, 4:58:35 PM4/6/04
to
I am running the 9.2.2 version of named with the "delegation-only" patch.
I get quite a few errors logged like:

enforced delegation-only for 'com' (ns1.swqj.com/A/IN) from 192.12.94.30#53
I believe these are due to glue records remaining behind when a domain
is suspended (swqj.com, in this case), for the sake of other still active
domains which use that name server.

My question is this: Is the delegation-only functionality flawed in that
it disallows perfectly valid situations, or is keeping the glue record
around an inappropriate action by the registrar of the suspended domain?


Paul Vixie

unread,
Apr 6, 2004, 7:02:18 PM4/6/04
to
ho...@exemplary.invalid (CharlesH) writes:

> enforced delegation-only for 'com' (ns1.swqj.com/A/IN) from 192.12.94.30#53

> I believe these are due to glue records remaining behind when a domain
> is suspended (swqj.com, in this case), for the sake of other still active
> domains which use that name server.

yes.

> My question is this: Is the delegation-only functionality flawed in that
> it disallows perfectly valid situations, or is keeping the glue record
> around an inappropriate action by the registrar of the suspended domain?

delegation-only is a dangerous option and it could even be called flawed in
that it violates the dns data model (which calls for zone-level autonomy).

the registry's action (keeping an A RR around even on an expired zone) is
also a violation of the dns data model (since, given zone-level autonomy,
the final arbiter of the existence of the glue name is the zone, which is
missing.) however, removing this glue usually breaks other zones that are
currently working (since their NS RR starts to dangle.)

both practices (delegation-only, and keeping orphaned glue) are arguably
wrong, and yet quite common.
--
Paul Vixie

Ketil Froyn

unread,
Apr 7, 2004, 5:30:40 AM4/7/04
to
On Wed, 2004-04-07 at 00:02, Paul Vixie wrote:

> ho...@exemplary.invalid (CharlesH) writes:
>
> > enforced delegation-only for 'com' (ns1.swqj.com/A/IN) from 192.12.94.30#53
>
> > I believe these are due to glue records remaining behind when a domain
> > is suspended (swqj.com, in this case), for the sake of other still active
> > domains which use that name server.
>
> yes.

>
> > My question is this: Is the delegation-only functionality flawed in that
> > it disallows perfectly valid situations, or is keeping the glue record
> > around an inappropriate action by the registrar of the suspended domain?
>
> delegation-only is a dangerous option and it could even be called flawed in
> that it violates the dns data model (which calls for zone-level autonomy).
>
> the registry's action (keeping an A RR around even on an expired zone) is
> also a violation of the dns data model (since, given zone-level autonomy,
> the final arbiter of the existence of the glue name is the zone, which is
> missing.) however, removing this glue usually breaks other zones that are
> currently working (since their NS RR starts to dangle.)

It is not expired, it is on REGISTRAR-HOLD. Since the dns data model
doesn't define how to treat a domain on REGISTRAR-HOLD, aren't the
registry/registrar entitled to be as considerate as possible? I wouldn't
say there's anything wrong with this behaviour.

As you say, if the glue were to be taken out of the com-zone, some
domains would stop working:

;; QUESTION SECTION:
;biznics.com. IN A

;; AUTHORITY SECTION:
biznics.com. 172800 IN NS ns1.swqj.com.
biznics.com. 172800 IN NS ns2.swqj.com.
biznics.com. 172800 IN NS ns3.swqj.com.

;; ADDITIONAL SECTION:
ns1.swqj.com. 172800 IN A 218.15.192.180
ns2.swqj.com. 172800 IN A 61.166.69.154
ns3.swqj.com. 172800 IN A 219.147.198.132

;; Query time: 96 msec
;; SERVER: 192.5.6.30#53(a.gtld-servers.net)
;; WHEN: Wed Apr 7 10:18:06 2004
;; MSG SIZE rcvd: 136

Ketil Froyn
ke...@froyn.name
http://ketil.froyn.name/


0 new messages