Re: Should a nameserver know about itself?

Robert Elz <kre@munnari.OZ.AU> Thu, 31 May 2001 07:33 UTC

Received: from nic.cafax.se ([192.71.228.17]) by ietf.org (8.9.1a/8.9.1a) with SMTP id DAA18287 for <dnsop-archive@odin.ietf.org>; Thu, 31 May 2001 03:33:27 -0400 (EDT)
Received: by nic.cafax.se (8.12.0.Beta5/8.12.0.Beta5) id f4V7Dj8H027616 for dnsop-outgoing; Thu, 31 May 2001 09:13:45 +0200 (MEST)
Received: from brandenburg.cs.mu.OZ.AU ([202.28.96.2]) by nic.cafax.se (8.12.0.Beta7/8.12.0.Beta5) with ESMTP id f4V7DfLt027610 for <dnsop@cafax.se>; Thu, 31 May 2001 09:13:43 +0200 (MEST)
Received: from brandenburg.cs.mu.OZ.AU (localhost [127.0.0.1]) by brandenburg.cs.mu.OZ.AU (8.11.0/8.11.0) with ESMTP id f4V7Dsd01587; Thu, 31 May 2001 14:13:55 +0700 (ICT)
From: Robert Elz <kre@munnari.OZ.AU>
To: Bruce Campbell <bruce.campbell@apnic.net>
cc: dnsop@cafax.se
Subject: Re: Should a nameserver know about itself?
In-Reply-To: <Pine.BSF.4.21.0105310930110.58053-100000@julubu.staff.apnic.net>
References: <Pine.BSF.4.21.0105310930110.58053-100000@julubu.staff.apnic.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Thu, 31 May 2001 14:13:54 +0700
Message-ID: <1585.991293234@brandenburg.cs.mu.OZ.AU>
Sender: owner-dnsop@cafax.se
Precedence: bulk

    Date:        Thu, 31 May 2001 09:44:33 +1000 (EST)
    From:        Bruce Campbell <bruce.campbell@apnic.net>
    Message-ID:  <Pine.BSF.4.21.0105310930110.58053-100000@julubu.staff.apnic.net>


  | Then (taking into account the RIR's previous experience with glue records
  | and the resounding lack of people caring about the reverse tree etc), what
  | would be the 'best' way of doing this?

  | 	Nameserver IPs collected at time of request, onus on
  | 	client/requestor to ensure that they are kept up to date.

That's the easy way of course.

  | 	RIR automagically keeps track of IP address changes applicable to
  | 	nameservers referenced as glue

That's the one I'd like.  In any random forward domain, that's probably
unsupportable.   In the in-addr.arpa tree, it is perhaps almost reasonable
to do that.

Recall we're only talking about necessary glue - not just any random A
record for any random nameserver that someone happens to dump on you.

If I request an in-addr.arpa delegation to munnari.oz.au and supply you
with munnari's current IP addresses, you should simply trash those
(ignore them - regardless of what I tell you, I really *don't* want you
listing A records for munnari in your servers, even if I don't know that
I don't want that, really, I don't...)

On the other hand, if I apply for in-addr.arpa delegation of 
1.168.192.in-addr.arpa and list ns.1.168.192.in-addr.arpa as the nameserver
and give you its A record, then that is necessary glue, and you have to
list it for the delegation to work.   Your only other option is to
refuse to do the delegation on the grounds that you don't like the
name of my nameserver - and that is not really acceptable.

Keeping track of those A records (since chances are that you'll only
see a handful, if that, a year) shouldn't be too hard - though for it
to work relies on the set of nameservers for the zone not all changing
addresses at the same time.  That ought to be an operational requirement
for any set of nameservers for a zone - but we know how seriously people
take those kinds of requirements...

kre
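
The rule in the message above (publish supplied addresses only when the nameserver's name lies inside the zone being delegated, ignore them otherwise), as an added example that is not part of the original message. The function names and the sample request are constructed for illustration, and rejecting an in-zone nameserver that arrives without an address is an assumption drawn from "you have to list it for the delegation to work".

```python
# Added illustration: function names and sample data are constructed, not from the message.

def labels(name):
    """Split a DNS name into lowercase labels, ignoring one trailing dot."""
    name = name.strip().lower()
    if name.endswith("."):
        name = name[:-1]
    return name.split(".") if name else []

def is_within(name, zone):
    """True if name is the zone apex or below it, compared label by label
    (a plain string-suffix test would wrongly match ns.11.168.192...)."""
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[len(n) - len(z):] == z

def filter_glue(zone, nameservers):
    """Return (delegation, discarded).

    delegation maps each NS name to the addresses the parent must publish:
    the supplied addresses when the NS name lies inside the delegated zone
    (necessary glue), otherwise an empty list.
    discarded maps out-of-zone NS names to the addresses that were ignored.
    An in-zone NS with no address cannot work, so it raises ValueError.
    """
    delegation, discarded = {}, {}
    for ns, addrs in nameservers.items():
        key = ".".join(labels(ns))
        if is_within(ns, zone):
            if not addrs:
                raise ValueError(f"{key}: in-zone nameserver needs glue")
            delegation[key] = sorted(addrs)
        else:
            delegation[key] = []
            if addrs:
                discarded[key] = sorted(addrs)
    return delegation, discarded

if __name__ == "__main__":
    # Constructed request; the addresses are placeholders, not real servers.
    request = {
        "ns.1.168.192.in-addr.arpa.": ["192.168.1.53"],
        "munnari.oz.au": ["192.0.2.10"],
    }
    kept, dropped = filter_glue("1.168.192.in-addr.arpa", request)
    print("publish:", kept)
    print("ignored:", dropped)
```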