To: Bruce Campbell <bruce.campbell@apnic.net>
cc: dnsop@cafax.se
From: Robert Elz <kre@munnari.OZ.AU>
Date: Wed, 09 May 2001 18:51:15 +0700
In-Reply-To: <Pine.BSF.4.21.0105091625580.43413-100000@julubu.staff.apnic.net>
Sender: owner-dnsop@cafax.se
Subject: Re: Should a nameserver know about itself?

    Date:        Wed, 9 May 2001 16:33:11 +1000 (EST)
    From:        Bruce Campbell <bruce.campbell@apnic.net>
    Message-ID:  <Pine.BSF.4.21.0105091625580.43413-100000@julubu.staff.apnic.net>

  | We've assumed (in writing one of our automated delegation tests) that a
  | given nameserver is 'responding' if it knows about itself,

I agree with all the other "that's wrong" replies.

The point of this reply is that a good test of whether a nameserver is 'responding' or not is whether it can supply you with a list of NS records for the root. Though there are people who argue that not even that is needed.

The test I actually use is whether the nameserver correctly answers queries about the zones that are about to be delegated to it. That is, if someone asks for zone.example.com to be delegated to ns3.example.net then I send ns3.example.com queries about zone.example.com and get it to tell me the NS records, SOA record, etc. If the answers to that are correct (and agree with the other server(s) to be delegated to, then the delegation happens). (Note, I only ask it for other records if I know they must exist - that is, if a server is within the zone, then its A record has to be present).

If the server listed is within the domain requested to be delegated, then I send the query to its IP address from the form, otherwise I get its IP address from a DNS lookup - if that fails, then there is missing glue elsewhere). And note, while rare, it is entirely possible for an in-addr.arpa delegation to require glue A records.

It really isn't important what other information the server would be able to supply if asked, for this delegation, all that matters is that it supply the information that you're being asked to refer to it, and that it supply the same (identical) information as all of the servers that are to be delegated the same zone - resolvers should be able to pick any and get the same answer.

The only people this doesn't work with are a few DNS broker types who somehow have formed the opinion that the delegation should happen first, and that after it happens, then they will set up their servers to handle the zone. Those I treat as being the loony fringe, and they do things my way, or they don't get delegations...

kre
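
The pre-delegation check described in the message above, sketched as an added example (not code from the original post or its author). The function names, the injected `lookup`/`query` callables and all sample records are constructed for illustration, and treating "correct" as "the NS set equals the requested server list" is an assumption.

```python
def in_zone(host, zone):
    host, zone = host.lower().rstrip("."), zone.lower().rstrip(".")
    return host == zone or host.endswith("." + zone)

def check_delegation(zone, servers, glue, lookup, query):
    """servers: requested NS names; glue: {name: ip} taken from the request form;
    lookup(name) -> ip or None; query(ip, name, rtype) -> set of rdata or None.
    Returns a list of problems; an empty list means the delegation can proceed."""
    problems, answers = [], {}
    for ns in servers:
        # In-zone servers are reached via the address on the form, others via DNS.
        ip = glue.get(ns) if in_zone(ns, zone) else lookup(ns)
        if ip is None:
            problems.append(f"{ns}: no address (missing glue)")
            continue
        rrsets = {t: query(ip, zone, t) for t in ("NS", "SOA")}
        missing = [t for t, v in rrsets.items() if not v]
        if missing:
            problems.append(f"{ns}: no answer for {zone} {'/'.join(missing)}")
            continue
        # A server inside the zone must also have its own A record in the zone.
        if in_zone(ns, zone) and not query(ip, ns, "A"):
            problems.append(f"{ns}: A record missing from zone")
        answers[ns] = (frozenset(rrsets["NS"]), frozenset(rrsets["SOA"]))
    # Every server must give the identical answer for the zone.
    if len(set(answers.values())) > 1:
        problems.append("servers disagree on NS/SOA")
    for ns, (ns_set, _) in answers.items():
        if ns_set != frozenset(servers):  # assumption: "correct" == matches request
            problems.append(f"{ns}: NS set differs from the request")
    return problems

# Constructed sample data standing in for real DNS responses (no network used).
ZONE = "zone.example.com"
SERVERS = ["ns1.zone.example.com", "ns3.example.net"]
GLUE = {"ns1.zone.example.com": "192.0.2.1"}      # address given on the form
ADDRS = {"ns3.example.net": "198.51.100.3"}       # what a DNS lookup would return
GOOD = {(ZONE, "NS"): set(SERVERS),
        (ZONE, "SOA"): {"ns1.zone.example.com. hostmaster.zone.example.com. 2001050901"},
        ("ns1.zone.example.com", "A"): {"192.0.2.1"}}
STALE = {**GOOD, (ZONE, "SOA"): {"ns1.zone.example.com. hostmaster.zone.example.com. 2001050801"}}

def run(per_server, glue=GLUE):
    """per_server maps a server IP to the records that server would answer with."""
    query = lambda ip, name, rtype: per_server.get(ip, {}).get((name, rtype))
    return check_delegation(ZONE, SERVERS, glue, ADDRS.get, query)
```

To run this against live servers, replace `lookup` and `query` with functions that send real DNS queries directly to each server's address.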