This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[db-wg] Re: [dns-wg] Proposal to change the syntax of "nserver:" attribute
- Previous message (by thread): [db-wg] Re: [dns-wg] Proposal to change the syntax of "nserver:" attribute
- Next message (by thread): [db-wg] Re: [dns-wg] Proposal to change the syntax of "nserver:" attribute
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Katie Petrusha
katie at ripe.net
Tue May 16 12:13:53 CEST 2006
On Mon, May 15, 2006 at 03:10:15PM +0200, Peter Koch wrote: Dear Peter, <skip> > > domain: test.net > > nserver: ns2.example.com 168.0.0.1 > > > > Hope it is clearer now; any suggestions about better and clearer phrasing > > are appreciated. > > That's fine, the owner name of the glue A/AAAA RR may be at any level > greater or equal than the zone to be delegated. But ... > > > The only new glue-related checks will be: > > 1) Making sure all glue IPs listed in domain object are also listed > > in the zone at every nameserver > > ... this test might fail in otherwise correct configurations. Unless > explicitly excluded, a glue RR may belong to a zone _below_ the delegated > one, so the servers of the delegated zone cannot be expected to > authoritatively know the A/AAAA RR(s). Good point. Instead, this check could be implemented to just give a warning if IPs are not listed or differ. So that user can make sure this is intentional. Would that make sense? Alternative way would be just to omit this check alltogether. > I'd not believe this is common in > e164.arpa, but than I'd also have thought there's no need for glue in that > domain in the first place ... There were already comments about this; I only have to mention that initial request to support ipv6 glue came from e164.arpa users. > > 2) Glue name must be within the same domain (already listed above) > > Yep. And the check should include the presence of mandatory glue RRs. Definitely. > With a miced v4/v6 environment, would a name server with v6 only glue > be accepted (v4 only obviously is)? It seems sensible to accept v6 only glue. Since the checks for ipv6-only nameserver will be done over IPv6, it should be accepted as long as it works. Again, this could be also implemented to give a warning to make sure this is indeed the intention. > How many glue RRs would be allowed per name server entry? How many glue RRs per name server entry would you estimate would be needed? Obviously we will take estimation into account when implementing this. Also, from the operational point of view, would this limit be useful, or could it break something? Any feedback on this is also appreciated. Thanks very much for your comments! -- Katie Petrusha RIPE NCC
- Previous message (by thread): [db-wg] Re: [dns-wg] Proposal to change the syntax of "nserver:" attribute
- Next message (by thread): [db-wg] Re: [dns-wg] Proposal to change the syntax of "nserver:" attribute
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ dns-wg Archives ]