On 08-Jan-2009, at 03:41 , Dawn Connelly wrote:
Right, but his question was regarding the host record for the name server. You tell the registrar the name and IP address of the name servers that are authoritative for the domain. The registrar then pushes those glue records to the root servers. Root doesn't care what the name and/or IP address of the name servers are. They are unrelated across domains. There isn't any cross domain verification. If you say that the FQDN and IP address of the authoritative name server is something, the registrar believes you and tells root. Root believes the registrar. The registrar and root don't do a lookup on the FQDN of the name server that is provided - hence it being called a glue record. You have to manually enter that data. At least that has been the case with every registrar I've dealt with.
Again, this is quite wrong, on several points. Host records for his domain don't go into the root unless he's managing a TLD.. and if that's the case he's not dealing with a registrar.
Whether or not the registrar or the registry do a lookup on the host records being supplied is irrelevant to why the entry in the DNS is called glue. In cases where a nameserver is a subdomain of the domain it is authoritative for, delegations can't happen without the parent zone supplying an IP address... without the address being supplied by the parent zone you'd have a catch-22 in the resolution process. Supplying that IP address "glues" the two zones together.. hence the name.
And finally to the poster's original question.. This is actually more of an issue of registr operations and/or EPP, rather than DNS. According to the EPP spec only the registrar sponsoring the domain can register host records within it. So, to borrow from someone else's example, only the domain holder for apple.com can register the host records ns1.apple.com and ns2.apple.com. The orange.com registrant can't create a host record for ns1.apple.com and register an IP address with it. The registrar *may* accept this data from the registrant anyway, but it shouldn't (according to the spec) be passed on to the registry. I suppose the registry could also accept it from the registrar (though in the case of .com I doubt this violation is occurring) but it shouldn't be published into the DNS. Only the host records registered by the apple.com domain holder should wind up there.
Matt
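The glue condition and the host-record sponsorship rule described in the reply above, as an added example that is not part of the original thread and is not code from any registry or EPP implementation. The `Registry` class, the registrar ids and the addresses are constructed for illustration, and the handling of names outside the TLD is a simplifying assumption of this model.

```python
def is_subordinate(host, zone):
    """True if host is at or below zone, compared label by label."""
    h = host.lower().rstrip(".").split(".")
    z = zone.lower().rstrip(".").split(".")
    return len(h) >= len(z) and h[-len(z):] == z

def needs_glue(ns_name, delegated_zone):
    """The parent must supply an address only for a name server inside the zone."""
    return is_subordinate(ns_name, delegated_zone)

class Registry:
    """Toy registry for one TLD (assumed model, not a real EPP server)."""
    def __init__(self, tld, sponsors):
        self.tld = tld
        self.sponsors = sponsors   # domain -> sponsoring registrar (constructed ids)
        self.hosts = {}            # host name -> addresses that would become glue

    def create_host(self, registrar, host, addrs=()):
        if not is_subordinate(host, self.tld):
            # Model assumption: a name outside this TLD gets no glue here.
            self.hosts[host] = ()
            return "ok: external host, no glue"
        parents = [d for d in self.sponsors if is_subordinate(host, d)]
        if not parents:
            return "rejected: superordinate domain not registered"
        parent = max(parents, key=len)
        if self.sponsors[parent] != registrar:
            return "rejected: " + registrar + " does not sponsor " + parent
        if not addrs:
            return "rejected: in-zone host needs an address"
        self.hosts[host] = tuple(addrs)
        return "ok: glue for " + host

if __name__ == "__main__":
    # Constructed sample data: domain names from the thread, documentation IPs.
    reg = Registry("com", {"apple.com": "registrar-A", "orange.com": "registrar-B"})
    print(reg.create_host("registrar-A", "ns1.apple.com", ["192.0.2.1"]))
    print(reg.create_host("registrar-B", "ns1.apple.com", ["203.0.113.9"]))
    print(reg.create_host("registrar-B", "ns1.badapple.com", ["203.0.113.9"]))
    print(needs_glue("ns1.apple.com", "apple.com"),
          needs_glue("ns1.orange.com", "apple.com"))
```

The label-by-label comparison is what keeps `ns1.badapple.com` from being treated as a host under `apple.com`, which a plain string suffix check would get wrong.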