Re: Should a nameserver know about itself?
Shane Kerr <shane@ripe.net> Thu, 31 May 2001 13:08 UTC
Received: from nic.cafax.se ([192.71.228.17]) by ietf.org (8.9.1a/8.9.1a) with SMTP id JAA23448 for <dnsop-archive@odin.ietf.org>; Thu, 31 May 2001 09:08:39 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]]) by nic.cafax.se (8.12.0.Beta5/8.12.0.Beta5) id f4VCkFtq000435 for dnsop-outgoing; Thu, 31 May 2001 14:46:15 +0200 (MEST)
Received: from naptop.autonomica.se (flaptop.liman.sunet.se [193.10.90.102]) by nic.cafax.se (8.12.0.Beta7/8.12.0.Beta5) with ESMTP id f4VCkALt000430 for <dnsop@cafax.se>; Thu, 31 May 2001 14:46:10 +0200 (MEST)
Received: by naptop.autonomica.se (8.12.0.Beta1/8.12.0.Beta1) id f4VCjvZp000415 for dnsop@cafax.se; Thu, 31 May 2001 14:45:57 +0200 (MEST)
Received: from birch.ripe.net (birch.ripe.net [193.0.1.96]) by nic.cafax.se (8.12.0.Beta7/8.12.0.Beta5) with ESMTP id f4VAVjLt028801 for <dnsop@cafax.se>; Thu, 31 May 2001 12:31:45 +0200 (MEST)
Received: from x17.ripe.net (x17.ripe.net [193.0.1.17]) by birch.ripe.net (8.8.8/8.8.8) with ESMTP id MAA02833; Thu, 31 May 2001 12:29:10 +0200 (CEST)
Date: Thu, 31 May 2001 12:29:09 +0200
From: Shane Kerr <shane@ripe.net>
To: Robert Elz <kre@munnari.OZ.AU>
cc: dnsop@cafax.se
Subject: Re: Should a nameserver know about itself?
In-Reply-To: <1585.991293234@brandenburg.cs.mu.OZ.AU>
Message-ID: <Pine.BSI.4.05L.10105311148580.26280-100000@x17.ripe.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Sender: owner-dnsop@cafax.se
Precedence: bulk
On Thu, 31 May 2001, Robert Elz wrote: > | RIR automagically keeps track of IP address changes applicable to > | nameservers referenced as glue > > That's the one I'd like. In any random forward domain, that's > probably unsupportable. In the in-addr.arpa tree, it is perhaps > almost reasonable to do that. > > Recall we're only talking about necessary glue - not just any random > A record for any random nameserver that someone happens to dump on > you. > > If I request an in-addr.arpa delegation to munnari.oz.au and supply > you with munnari's current IP addresses, you should simply trash > those (ignore them - regardless of what I tell you, I really *don't* > want you listing A records for munnari in your servers, even if I > don't know that I don't want that, really, I don't...) But I suspect this is exactly what Bruce is suggesting! And to be honest, I think what most network administrators would expect. Not that I know most network administrators.... Looking at the in-addr.new file from ARIN reveals that there are less than 25000 unique servers, a nearly trivial number of lookups to perform to get glue information. A scan by each RIR, perhaps based on one of the TTL values in the SOA record with a reasonable minimum refresh time (wouldn't want to query NEC.COM every 2 hours, for instance) could probably achieve the goal of inserting glue records, although not in the way that the ns.x.y.z.in-addr.arpa A record fans want. :) This would also have the side benefit of being a nice reference for broken delegations, in case the Internet community wanted to pursue more proactive means of improving in-addr.arpa delegation. > On the other hand, if I apply for in-addr.arpa delegation of > 1.168.192.in-addr.arpa and list ns.1.168.192.in-addr.arpa as the > nameserver and give you its A record, then that is necessary glue, > and you have to list it for the delegation to work. Your only other > option is to refuse to do the delegation on the grounds that you > don't like the name of my nameserver - and that is not really > acceptable. > > Keeping track of those A records (since chances are that you'll only > see a handful, if that, a year) shouldn't be too hard - though for > it to work relies on the set of nameservers for the zone not all > changing addresses at the same time. That ought to be an > operational requirement for any set of nameservers for a zone - but > we know how seriously people take those kinds of requirements... This is probably so for a large number of cases, but not true for ISP's that have lots of disjoint IP space. True, they won't have to update the information very often once correct, but every time they buy a smaller ISP they're going to have to worry about not only integrating the different infrastructure into their own, but also now changing a set of records in one or more RIR databases to use their preferred name servers. There is also the issue of educating administrators on this methodology, which isn't the way that most forward delegation is carried out (e.g. one of nominum.com's name servers is ns-ext.vix.com, which doesn't fit in the "use only name servers in the domain to respond authoritatively for that domain" model. Does anyone who administers a lot of IP space have strong feelings on this issue? Shane
- Re: Should a nameserver know about itself? Mats Dufberg
- Should a nameserver know about itself? Bruce Campbell
- Re: Should a nameserver know about itself? Randy Bush
- Re: Should a nameserver know about itself? bert hubert
- Re: Should a nameserver know about itself? Nathan Jones
- Re: Should a nameserver know about itself? Mark.Andrews
- Re: Should a nameserver know about itself? Mark.Andrews
- Re: Should a nameserver know about itself? Bill Woodcock
- Re: Should a nameserver know about itself? Robert Elz
- Re: Should a nameserver know about itself? Mans Nilsson
- Re: Should a nameserver know about itself? Randy Bush
- Re: Should a nameserver know about itself? Mans Nilsson
- Re: Should a nameserver know about itself? Cathy Murphy
- Re: Should a nameserver know about itself? Cricket Liu
- Re: Should a nameserver know about itself? Kenneth Porter
- Re: Should a nameserver know about itself? Robert Elz
- Re: Should a nameserver know about itself? Cathy Murphy
- Re: Should a nameserver know about itself? Robert Elz
- Re: Should a nameserver know about itself? Bill Manning
- Re: Should a nameserver know about itself? Robert Elz
- Re: Should a nameserver know about itself? Olaf Kolkman
- Re: Should a nameserver know about itself? itojun
- Re: Should a nameserver know about itself? James Raftery
- Re: Should a nameserver know about itself? Shane Kerr
- Re: Should a nameserver know about itself? Cricket Liu
- Re: Should a nameserver know about itself? Bruce Campbell
- Re: Should a nameserver know about itself? Jim Reid
- Re: Should a nameserver know about itself? Mark.Andrews
- Re: Should a nameserver know about itself? Mats Dufberg
- Re: Should a nameserver know about itself? bert hubert
- Re: Should a nameserver know about itself? Jim Reid
- Re: Should a nameserver know about itself? Peter Koch
- Re: Should a nameserver know about itself? Peter Koch
- Re: Should a nameserver know about itself? Sam Trenholme
- Re: Should a nameserver know about itself? Robert Elz
- Re: Should a nameserver know about itself? Sam Trenholme
- Re: Should a nameserver know about itself? James Raftery
- Re: Should a nameserver know about itself? Bruce Campbell
- Re: Should a nameserver know about itself? Sam Trenholme
- Re: Should a nameserver know about itself? Mats Dufberg
- Re: Should a nameserver know about itself? Mans Nilsson
- Re: Should a nameserver know about itself? Jim Reid
- Re: Should a nameserver know about itself? Kenneth Porter
- Re: Should a nameserver know about itself? Mats Dufberg
- Checks performed during delegation. Bruce Campbell
- Re: Checks performed during delegation. Mats Dufberg
- Re: Should a nameserver know about itself? D. J. Bernstein
- Re: Should a nameserver know about itself? Shane Kerr
- Re: Should a nameserver know about itself? bert hubert
- Re: Should a nameserver know about itself? Robert Elz
- Re: Should a nameserver know about itself? Bruce Campbell
- Re: Should a nameserver know about itself? Bill Manning
- Re: Should a nameserver know about itself? D. J. Bernstein
- Re: Should a nameserver know about itself? Robert Elz
- Re: Should a nameserver know about itself? Robert Elz
- Re: Should a nameserver know about itself? Shane Kerr
- Re: Should a nameserver know about itself? Mark.Andrews
- Re: Should a nameserver know about itself? George Michaelson
- Re: Should a nameserver know about itself? Bruce Campbell
- Re: Should a nameserver know about itself? D. J. Bernstein
- Re: Should a nameserver know about itself? James Raftery
- Re: draft-durand-ngtrans-dns-issues-00.txt Jim Reid
- Re: draft-durand-ngtrans-dns-issues-00.txt Robert Elz