[dns-operations] Are IANA GlueCoherencyCheck for authoritative name servers correct?

Sat, 21 Dec 2013 03:53:15 -0800 

Hi!
I have some questions about the IANA checks for name servers, especially this one: 

>
>> - GlueCoherencyCheck
>>
>> - The A and AAAA records [] returned from the authoritative name server
>> [B.DNS.NIC.WIEN] are not the same as the supplied glue records
>> [193.170.61.4, 2001:62A:A:2000:0:0:0:4].
>> - The A and AAAA records [] returned from the authoritative name server
>> [A.DNS.NIC.WIEN] are not the same as the supplied glue records
>> [194.0.25.15, 2001:678:20:0:0:0:0:15].
>> - The A and AAAA records [] returned from the authoritative name server
>> [C.DNS.NIC.WIEN] are not the same as the supplied glue records
>> [193.170.187.4, 2001:62A:A:3000:0:0:0:4].

I think this is related to this requirement:

> Consistency between glue and authoritative data

> For name servers that have IP addresses listed as glue, the IP 
addresses must match the authoritative A and AAAA records for that host.


TLD Zone: wien
Name Servers: a.dns.nic.wien, b.dns.nic.wien, c.dns.nic.wien.

Currently, the TLD name servers do not provide glue records for itself.

# dig @194.0.25.15 wien ns +nostat
;; QUESTION SECTION:
;wien.                          IN      NS
;; ANSWER SECTION:
wien.                   14400   IN      NS      a.dns.nic.wien.
wien.                   14400   IN      NS      b.dns.nic.wien.
wien.                   14400   IN      NS      c.dns.nic.wien.

I think this i correct, because nic.wien is delegation:

# dig @194.0.25.15 a.dns.nic.wien.
;; QUESTION SECTION:
;a.dns.nic.wien.                        IN      A
;; AUTHORITY SECTION:
nic.wien.               14400   IN      NS      sec1.rcode0.net.
nic.wien.               14400   IN      NS      sec2.rcode0.net.

And these name servers provide the answers:

# dig @sec1.rcode0.net. a.dns.nic.wien.
;; QUESTION SECTION:
;a.dns.nic.wien.                        IN      A
;; ANSWER SECTION:
a.dns.nic.wien.         3600    IN      A       194.0.25.15



I think the name servers for .wien are correctly configured, and the 
IANA GlueCoherencyCheck check is wrong, as the TLD name servers are not 
authoritative for a/b/c.dns.nic.wien. So, the GlueCoherencyCheck is 
wrong and should resolve a/b/c.dns.nic.wien not only by aksing the name 
servers, but by following the referal.


What do you think?

Thanks
Klaus

_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs






















					Reply via email to