On Tue, Jul 27, 2021 at 4:16 PM John Levine <jo...@taugh.com> wrote:

> It appears that Puneet Sood <pune...@google.com> said:
> >Couple of comments and a readability suggestion
> >
> >* +1 to Geoff Huston's request to provide justification for why
> >sibling glue is desirable in a response. Also would prefer to not make
> >it mandatory in a referral response. ...
>
> I would prefer we completely remove the sibling glue, or at most move
> it to an appendix of possibly useful minor improvements.
>
> We say that authoritative servers MUST return all the glue, which is true
> for real glue, but not true for sibling glue (unless the sibling is in
> a loop which is not something to encourage.) Let's not confuse people,
> please.

Just to make sure we're talking about the same thing, the definition of sibling glue is glue from another zone delegated from the same parent. I'm mentioning this because there appeared to be confusion during yesterday's meeting with the other case of cross zone glue from different parents with circular dependence, a configuration which we explicitly say cannot reliably work (and ultimately removed from the draft).

For sibling glue, part of our rationale was indeed to cover the cases where it is required for resolution (and not just an optimization). Those configs usually do involve a cycle. But our goal was not to encourage or discourage such configurations, but to make it easier for implementers of authoritative servers. Since many implementations already provide sibling glue, it's easier to just provide them all, rather than figure out which are required or not.

> >* Section 5: Promoted or orphan glue
> >The considerations for handling orphan glue will be different for a
> >TLD vs a lower level zone within a domain. I would think that orphan
> >glue in a TLD context should go away when a zone is deleted/expired.
> >Maybe even have sanity checking to prevent such an operation.
>
> This is a political question, not a technical one. If the DNS operator
> has external knowledge that the orphan's domain has not been delegated
> to someone else, you can make a case to leave the glue. The usual
> example is a name in a TLD which has expired but is still in the grace
> period,
> but it can happen anywhere someone delegates names; I run registries
> at the third level like watkins-glen.ny.us.
>
> I don't see how we can offer any more than general and vague advice here.

Yeah, after thinking about this since yesterday, I'm now a little skeptical that we should cover this potentially thorny topic.

Shumon.
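
The distinction drawn in the message above, as an added example that is not part of the original e-mail or of the draft: it classifies each name server of a delegation as in-domain glue, sibling glue, or not glue, and then finds the zones for which sibling glue is required for resolution rather than an optimization. The parent zone `test`, all zone and server names, and the function names are constructed for illustration; names outside every delegation are assumed to be resolvable by other means.

```python
# Constructed delegations in a hypothetical parent zone "test" (not from the thread).
# Keys are delegated zones; values are the NS target names in each delegation.
DELEGATIONS = {
    "alpha.test": ["ns1.alpha.test"],   # name server inside the delegated zone
    "beta.test":  ["ns1.alpha.test"],   # name server in a sibling zone
    "gamma.test": ["ns1.delta.test"],   # gamma and delta point at each other
    "delta.test": ["ns1.gamma.test"],
    "eps.test":   ["ns.example.net"],   # name server outside the parent
}

def owner_zone(name, delegations):
    """Longest delegated zone at or above name, or None if there is none."""
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in delegations:
            return candidate
    return None

def classify(zone, ns_name, delegations):
    """Kind of glue the parent would hold for ns_name when referring to zone."""
    home = owner_zone(ns_name, delegations)
    if home is None:
        return "not-glue"
    return "in-domain" if home == zone else "sibling"

def needs_sibling_glue(delegations):
    """Zones that stay unreachable unless the referral carries sibling glue."""
    reachable = set()
    changed = True
    while changed:
        changed = False
        for zone, servers in delegations.items():
            if zone in reachable:
                continue
            homes = [owner_zone(ns, delegations) for ns in servers]
            # In-domain glue arrives with the referral itself; names outside every
            # delegation are assumed resolvable elsewhere; a sibling name works
            # once its own zone is reachable without sibling glue.
            if any(h == zone or h is None or h in reachable for h in homes):
                reachable.add(zone)
                changed = True
    return sorted(set(delegations) - reachable)

if __name__ == "__main__":
    for zone, servers in DELEGATIONS.items():
        print(zone, [(ns, classify(zone, ns, DELEGATIONS)) for ns in servers])
    print("sibling glue required for:", needs_sibling_glue(DELEGATIONS))
```

In this constructed data `beta.test` uses a sibling name server but resolves without sibling glue, while `gamma.test` and `delta.test` form the kind of cycle where it is required.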