

To: Bruce Campbell <bruce.campbell@apnic.net>
cc: dnsop@cafax.se
From: Robert Elz <kre@munnari.OZ.AU>
Date: Wed, 09 May 2001 18:51:15 +0700
In-Reply-To: <Pine.BSF.4.21.0105091625580.43413-100000@julubu.staff.apnic.net>
Sender: owner-dnsop@cafax.se
Subject: Re: Should a nameserver know about itself?

    Date:        Wed, 9 May 2001 16:33:11 +1000 (EST)
    From:        Bruce Campbell <bruce.campbell@apnic.net>
    Message-ID:  <Pine.BSF.4.21.0105091625580.43413-100000@julubu.staff.apnic.net>

  | We've assumed (in writing one of our automated delegation tests) that a
  | given nameserver is 'responding' if it knows about itself,

I agree with all the other "that's wrong" replies.

The point of this reply is that a good test of whether a nameserver is
'responding' or not is whether it can supply you with a list of NS
records for the root.

Though there are people who argue that not even that is needed.

The test I actually use is whether the nameserver correctly answers
queries about the zones that are about to be delegated to it.

That is, if someone asks for zone.example.com to be delegated to
ns3.example.net then I send ns3.example.com queries about zone.example.com
and get it to tell me the NS records, SOA record, etc.   If the
answers to that are correct (and agree with the other server(s) to
be delegated to), then the delegation happens.  (Note, I only ask it for
other records if I know they must exist - that is, if a server is within
the zone, then its A record has to be present.)   If the server listed
is within the domain requested to be delegated, then I send the query
to its IP address from the form, otherwise I get its IP address from
a DNS lookup - if that fails, then there is missing glue elsewhere.
And note, while rare, it is entirely possible for an in-addr.arpa
delegation to require glue A records.

It really isn't important what other information the server would be
able to supply if asked, for this delegation, all that matters is that
it supply the information that you're being asked to refer to it, and that
it supply the same (identical) information as all of the servers that
are to be delegated the same zone - resolvers should be able to pick any
and get the same answer.

The only people this doesn't work with are a few DNS broker types who
somehow have formed the opinion that the delegation should happen first,
and that after it happens, then they will set up their servers to handle
the zone.   Those I treat as being the loony fringe, and they do things
my way, or they don't get delegations...

kre
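
The pre-delegation test described in the message above, as an added example that is not part of the original post or anyone's production code. The `Answer` type, the function names and the sample answers are constructed for illustration; the answers are supplied as data rather than fetched over the network, and "correct" is taken to mean that the NS set matches the servers named in the request, which is an assumption of this example.

```python
from dataclasses import dataclass, field

@dataclass
class Answer:  # one server's reply about the zone (constructed type, not a DNS library's)
    ns: set                                  # NS names at the zone apex
    soa: tuple                               # (mname, rname, serial)
    a: dict = field(default_factory=dict)    # hostname -> A record address

def norm(name):
    return name.rstrip(".").lower()

def in_zone(host, zone):
    host, zone = norm(host), norm(zone)
    return host == zone or host.endswith("." + zone)

def fingerprint(ans):
    # Normalised view of an answer, so servers can be compared for identical data.
    return (frozenset(map(norm, ans.ns)), tuple(ans.soa),
            frozenset((norm(h), ip) for h, ip in ans.a.items()))

def check_delegation(zone, servers, answers):
    # Returns a list of problems; an empty list means the delegation can go ahead.
    problems, reference = [], None
    wanted = frozenset(map(norm, servers))
    for server in servers:
        ans = answers.get(norm(server))
        if ans is None:
            problems.append(f"{server}: no answer for {zone}")
            continue
        fp = fingerprint(ans)
        if fp[0] != wanted:
            problems.append(f"{server}: NS set does not match the request")
        # A server named inside the zone must have its A record served by the zone.
        for host in sorted(wanted - {h for h, _ in fp[2]}):
            if in_zone(host, zone):
                problems.append(f"{server}: no A record for in-zone server {host}")
        if reference is None:
            reference = (server, fp)
        elif fp != reference[1]:
            problems.append(f"{server}: answers differ from {reference[0]}")
    return problems

# Constructed sample: both servers answer for zone.example.com, but SOA serials disagree.
NS = {"ns1.zone.example.com.", "ns3.example.net."}
GLUE = {"ns1.zone.example.com.": "192.0.2.1"}
SOA = ("ns1.zone.example.com.", "hostmaster.example.com.")
SAMPLE = {"ns1.zone.example.com": Answer(NS, SOA + (2001050901,), GLUE),
          "ns3.example.net": Answer(NS, SOA + (2001050900,), GLUE)}
```
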

