About RIPE | Contact  | Search | Sitemap    
Homepage RIPE  
RIPE Community Mail Archives
search  
     
Next Sectionyou are here: RIPE -> RIPE Maillists > Archives
RIPE Navigation Ends
About RIPE Maillists
Maillists Archive
Global Lists
Non Active Lists
RIPE NCC Navigation Ends
Next Section
<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

Re: [db-wg] Re: [dns-wg] Proposal to change the syntax of "nserver:" attribute

  • To: Peter Koch pk@localhost
  • From: Katie Petrusha katie@localhost
  • Date: Tue, 16 May 2006 12:13:53 +0200
  • Cc: db-wg@localhost, dns-wg@localhost
On Mon, May 15, 2006 at 03:10:15PM +0200, Peter Koch wrote:

Dear Peter,

<skip>

> > domain: test.net
> > nserver: ns2.example.com 168.0.0.1
> > 
> > Hope it is clearer now; any suggestions about better and clearer phrasing 
> > are appreciated.
> 
> That's fine, the owner name of the glue A/AAAA RR may be at any level
> greater or equal than the zone to be delegated. But ...
> 
> > The only new glue-related checks will be:
> > 1) Making sure all glue IPs listed in domain object are also listed 
> > in the zone at every nameserver
> 
> ... this test might fail in otherwise correct configurations. Unless
> explicitly excluded, a glue RR may belong to a zone _below_ the delegated
> one, so the servers of the delegated zone cannot be expected to
> authoritatively know the A/AAAA RR(s). 

Good point. Instead, this check could be implemented to just give a
warning if IPs are not listed or differ. So that user can make sure this
is intentional. Would that make sense?
Alternative way would be just to omit this check alltogether.

> I'd not believe this is common in
> e164.arpa, but than I'd also have thought there's no need for glue in that
> domain in the first place ...

There were already comments about this; I only have to mention that
initial request to support ipv6 glue came from e164.arpa users.

> > 2) Glue name must be within the same domain (already listed above)
> 
> Yep. And the check should include the presence of mandatory glue RRs.

Definitely.

> With a miced v4/v6 environment, would a name server with v6 only glue
> be accepted (v4 only obviously is)?

It seems sensible to accept v6 only glue. Since the checks for
ipv6-only nameserver will be done over IPv6, it should be accepted as long
as it works. Again, this could be also implemented to give a warning to make
sure this is indeed the intention.

> How many glue RRs would be allowed per name server entry?

How many glue RRs per name server entry would you estimate would be
needed? Obviously we will take estimation into account when implementing
this. Also, from the operational point of view, would this limit be
useful, or could it break something? Any feedback on this is also
appreciated.

Thanks very much for your comments!

-- 
Katie Petrusha
RIPE NCC
Post To The List:

Replies

Message References

<<< Chronological >>> Author    Subject <<< Threads >>>
 

Next Section
     About RIPE | Site Map | LIR Portal | About the RIPE NCC | Contact | Copyright Statement
RIPE.NET Homepage LIR Portal RIPE Community