

To: "Jordyn A. Buchanan" <jordyn@register.com>
cc: Klaus Malorny <Klaus.Malorny@knipp.de>, Patrick <patrick@gandi.net>, "'ietf-provreg@cafax.se'" <ietf-provreg@cafax.se>
From: Jaap Akkerhuis <jaap@sidn.nl>
Date: Fri, 17 Aug 2001 16:52:44 +0200
In-reply-to: Your message of Wed, 15 Aug 2001 12:28:09 -0400. <a05100c00b7a044dc8b02@[192.168.2.116]>
Sender: owner-ietf-provreg@cafax.se
Subject: Re: host transfers -- actually, out-of-zone-glue

    
    Most of the message in which you wrote this explains why glue records 
    are only needed for name servers that are authoritative for their own 
    domains, an argument that I'll admit I'm coming around to.  However, 
    an argument against this approach that has been raised in the past is 
    that it is possible to create a situation in which two (or more 
    domains) use name servers in the other domain(s), so that none of 
    them end up having glue or being useful.  For example:
    
    A.XXX has name servers NS1.B.YY and NS2.B.YY.
    B.YY has name servers NS1.A.XXX and NS2.A.XXX.
    
    Under your scheme, neither of these domains will work.  For that 
    matter, under your scheme, even if A and B were both in domain XXX, 
    they would not work.  A modified version of your scheme could fix the 
    problem by checking for such situations within a single registry, but 
    is utterly unresolvable if the domains are in different registries.

This is a basic problem. People should not do things like that.  I
have been told that modern versions of nameservers lately don't
accept out of zone glue to prevent cache poisoning. So even if you
put it in your zone file, things still might not work with such a
configuration.

In the .nl registry for years we never allowed out of zone glue in
the zonefile. We have only once seen that somebody shot his/her
foot with a configuration like this.

	jaap
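
An added example, not part of the original message: a sketch of the registry-side check mentioned in the quoted text, which flags domains whose name servers all depend on each other with no glue. It assumes glue is published only for name servers inside the domain they serve and that name servers outside every listed domain resolve by other means; the function names and the c.xxx and d.xxx entries are constructed for illustration.

```python
# Constructed delegation data: domain -> its name servers.
# a.xxx and b.yy are the pair from the quoted message; c.xxx and d.xxx are made up.
DELEGATIONS = {
    "a.xxx": ["ns1.b.yy", "ns2.b.yy"],
    "b.yy": ["ns1.a.xxx", "ns2.a.xxx"],
    "c.xxx": ["ns1.c.xxx", "ns1.b.yy"],   # one in-zone server, so glue exists
    "d.xxx": ["ns.c.xxx"],                # out-of-zone, but c.xxx is reachable
}


def enclosing_domain(host, zones):
    """Return the longest listed domain that contains host, or None."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None


def resolvable_domains(delegations):
    """Fixed-point search for domains with at least one reachable name server.

    A name server counts as reachable when it is in-zone (glue is published),
    when it lies outside all listed domains (assumption: resolvable elsewhere),
    or when the domain that contains it has already been found reachable.
    """
    zones = {d.lower(): [n.lower().rstrip(".") for n in ns]
             for d, ns in delegations.items()}
    reachable = set()
    changed = True
    while changed:
        changed = False
        for domain, servers in zones.items():
            if domain in reachable:
                continue
            homes = (enclosing_domain(ns, zones) for ns in servers)
            if any(h == domain or h is None or h in reachable for h in homes):
                reachable.add(domain)
                changed = True
    return reachable


def deadlocked_domains(delegations):
    """Domains that can never be resolved because of circular NS dependencies."""
    listed = {d.lower() for d in delegations}
    return sorted(listed - resolvable_domains(delegations))


if __name__ == "__main__":
    print(deadlocked_domains(DELEGATIONS))
```

The check only sees the delegations it is given, so a registry running it over its own data cannot detect a loop whose other half sits in a different registry.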
