IETF Logo Mail Archive

Re: [DNSOP] DNS Terminology: Glue

Casey Deccio <casey@deccio.net> Sat, 14 March 2015 02:22 UTC

Return-Path: <casey@deccio.net>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 09DAB1A8793 for <dnsop@ietfa.amsl.com>; Fri, 13 Mar 2015 19:22:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.378
X-Spam-Level:
X-Spam-Status: No, score=-1.378 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vegWTzPB1aBV for <dnsop@ietfa.amsl.com>; Fri, 13 Mar 2015 19:22:12 -0700 (PDT)
Received: from mail-ig0-x22c.google.com (mail-ig0-x22c.google.com [IPv6:2607:f8b0:4001:c05::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EC2031A882A for <dnsop@ietf.org>; Fri, 13 Mar 2015 19:22:06 -0700 (PDT)
Received: by igbue6 with SMTP id ue6so846815igb.1 for <dnsop@ietf.org>; Fri, 13 Mar 2015 19:22:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=deccio.net; s=google; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=PAa+aMzPD/O+EkM2BFy9sfFUl8Pl0nfzMHBtnOy7118=; b=H3FcOsjvA2ZR5Rq5pkI4PDeIxxFwxNluBoTa9xFaWTXMfK+js/cbZNUEZ5iroql9cE cD+8Mp5FNwlVP2spnUQljIGL9bWsoJvNVOneUDIh5XL1KVQNUSnpbzk3v6LiCw+a6KRF cmGBlxxncbwlBVJ22Lm1P+a3AKtTQuLSq3IL4=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=PAa+aMzPD/O+EkM2BFy9sfFUl8Pl0nfzMHBtnOy7118=; b=TN7I0anKwDKL+B2awQ5uuBQFDVlJxsDIwVq7eQ2r79f9i7Egzrj8BpJh5IN5DrjfJA lJnETZuKUy+GMP5AmQVY6M7xwEIhj0SMVRgoYErNkuVOfZy+uHk/Fgf9LQF15PAnOlcY n0R13rtOLuvY3HWSL+wNpGCJjhVJJmryNIQuQGoSE2WVOINaWnY7N8DetbpwDb1pn5xW MuBBhoaX1lHTihaeJMBf9+TINrM0OKlKAW0uZ3SJC5YkkfIwTSi+ZUSnWdnQz5P80u5I 3wCDwRl9FJsi/6mPrw0DOCraJ2k592oaxQWs3Mj+/J4DikDQqifY24JMjhfwoKV9EMzK GQFQ==
X-Gm-Message-State: ALoCoQmE54v6gKvKu0PmfiN47iLBQP471OZx4jLtgEDkxS/PvgvotFo2Y+uxftpagpUIXhwOTqwW
MIME-Version: 1.0
X-Received: by 10.50.78.131 with SMTP id b3mr115672486igx.0.1426299726321; Fri, 13 Mar 2015 19:22:06 -0700 (PDT)
Received: by 10.50.57.233 with HTTP; Fri, 13 Mar 2015 19:22:06 -0700 (PDT)
In-Reply-To: <93BB91D1-DECD-4445-AA82-395BBC19375C@vpnc.org>
References: <m2vbi6ju6z.wl-Niall.oReilly@ucd.ie> <915A7EEB-CA46-41DC-AAC1-1B26E5BB227C@vpnc.org> <E63D7C23-577C-4AA1-BE00-F90BD9E6E64E@blipp.com> <alpine.LSU.2.00.1503121758100.23307@hermes-1.csi.cam.ac.uk> <D3D9B423-8A7A-4703-882A-12DE4CB490C0@vpnc.org> <CAEKtLiS5PyMhEwUK7jY_CKSDYr+UOtD3cp_6JDLp6cSuN_DkQA@mail.gmail.com> <93BB91D1-DECD-4445-AA82-395BBC19375C@vpnc.org>
Date: Fri, 13 Mar 2015 22:22:06 -0400
Message-ID: <CAEKtLiSFQLNHUVo86=sryYoh1+FSJ5ZrReE=L2Y1sCE1+Mdy3w@mail.gmail.com>
From: Casey Deccio <casey@deccio.net>
To: Paul Hoffman <paul.hoffman@vpnc.org>
Content-Type: multipart/alternative; boundary="089e0111d15687f95105113648a2"
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/AREPS324-YNOSFT3WmJuDw9fTE8>
Cc: IETF DNSOP WG <dnsop@ietf.org>
Subject: Re: [DNSOP] DNS Terminology: Glue
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 14 Mar 2015 02:22:14 -0000

On Fri, Mar 13, 2015 at 7:00 PM, Paul Hoffman <paul.hoffman@vpnc.org> wrote:

> Casey noticing the updated, wider definition in 2181 kinda throws a wrench
> into the "what is not glue" discussion. Here is a proposed update to the
> draft that includes both definitions and discusses the ramifications of the
> update.
>
>    Glue records -- Resource records which are not part of the
>    authoritative data [for a zone], and are address resource records for
>    the servers [in a subzone].  These RRs are only necessary if the name
>    server's name is "below" the cut, and are only used as part of a
>    referral response.  (Definition from RFC 1034, section 4.2.1)
>
>    A later definition is that glue "includes any record in a zone file
>    that is not properly part of that zone, including nameserver records
>    of delegated sub-zones (NS records), address records that accompany
>    those NS records (A, AAAA, etc), and any other stray data that might
>    appear".  (Definition from RFC 2181, section 5.4.1) This definition
>    in RFC 2181 is wider than the one from RFC 1034, and bases the
>    definition on the contents of a zone file.  Some implementers might
>    only be thinking about the earlier definition when they see rules
>    about glue records.
>

 In the spirit of the statement (from the terminology draft):

"Some of the definitions differ from earlier RFCs, and those differences
are noted."

I think noting the definitions in the two RFCs is good, but additional
clarity is necessary to avoid perpetuating further confusion.

The RFC 2181 definition of glue is under the section clarifying rules for
"Data ranking".  Whether it is attempting to restate the definition of glue
generally or define glue for the the scope of this section/document alone,
that is not the focus of the section.

Anyway, this is clearly at odds with RFC 1034's definition.  For example,
RFC 1034 states that "[glue] RRs are only necessary..."--but delegation NS
records are always necessary (i.e., there is no "if...").  Also, the RFC
1034 (section 4.2.1) text immediately preceding that quoted in the "Glue
records" states:

"In particular, if the name of the name server is itself in the subzone, we
could be faced with the situation where the NS RRs tell us that in order to
learn a name server's address, we should contact the server using the
address we wish to learn. To fix this problem, a zone contains 'glue'
RRs...".

Understanding the motivation for glue helps us understand the definition of
glue, which is clearly for the address records.

Here is some proposed rewording that attempts to capture that:

Glue records -- Records "which are not part of the
   authoritative data [for a zone], and are address resource records for
   the servers [in a subzone].  These RRs are only necessary if the name
   server's name is "below" the cut, and are only used as part of a
   referral response.  Without glue "we could be faced with the situation
   where the NS RRs tell us that in order to learn a name server's
   address, we should contact the server using the address we wish to
   learn." (Definition from RFC 1034, section 4.2.1)

   The term "glue" is sometimes incorrectly used to refer to
   other resource records that are related to a
   delegation, such as address records included with a referral
   which are not strictly necessary due to the server's domain
   name falling below the zone cut, delegation or authoritative
   name server (NS) records (i.e., above or below the zone
   cut), or delegation signer (DS) records.

   RFC 2181 (section 5.4.1) denotes glue as "any record in a zone file
   that is not properly part of that zone, including nameserver records
   of delegated sub-zones (NS records), address records that accompany
   those NS records (A, AAAA, etc), and any other stray data that might
   appear".   This definition is explicitly applied to the use of the term
   within the document itself.  However, its application beyond the
document is
   questionable because of its contrast with both the motivation for an
definition of
   glue in RFC 1034.

Regards,
Casey

v2.23.0 | Report a Bug | By Email