From owner-freebsd-questions@FreeBSD.ORG Fri Nov 5 14:25:39 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 35DA21065672 for ; Fri, 5 Nov 2010 14:25:39 +0000 (UTC) (envelope-from smithi@nimnet.asn.au) Received: from sola.nimnet.asn.au (paqi.nimnet.asn.au [115.70.110.159]) by mx1.freebsd.org (Postfix) with ESMTP id A74AE8FC15 for ; Fri, 5 Nov 2010 14:25:38 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by sola.nimnet.asn.au (8.14.2/8.14.2) with ESMTP id oA5EPYh2066909; Sat, 6 Nov 2010 01:25:35 +1100 (EST) (envelope-from smithi@nimnet.asn.au) Date: Sat, 6 Nov 2010 01:25:34 +1100 (EST) From: Ian Smith To: Jonathan McKeown In-Reply-To: <20101105120030.93D3E10656CA@hub.freebsd.org> Message-ID: <20101106001140.X16633@sola.nimnet.asn.au> References: <20101105120030.93D3E10656CA@hub.freebsd.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Cc: freebsd-questions@freebsd.org Subject: Re: Glue records (was Re: ATTN GARY KLINE) X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Nov 2010 14:25:39 -0000 In freebsd-questions Digest, Vol 335, Issue 9, Message: 7 On Fri, 5 Nov 2010 10:27:38 +0200 Jonathan McKeown wrote: > On Friday 05 November 2010 09:28:27 Ian Smith wrote: > > But you don't always have any control of what parent nameservers do; > > eg we do DNS for a .com but both NS are in .au so DNS reports always > > whinge about lack of glue > > They should be whingeing about lack of clue (their own) unless I'm horribly > wrong about how DNS works. Indeed, my point .. I've tried quite a few free DNS health reporters over the time; some eg thednsreport.com list missing glue records as a warning, ending: "This will usually occur if your DNS servers are not in the same TLD as your domain" which is just the case, but others have splashed red ink over this one .. sorry, don't recall which offhand. > When a nameserver delegates a zone, it's not responsible for any of that > zone's records any more, with two exceptions. It provides NS records to > indicate which nameservers /are/ responsible, and it retains responsibility > for the A records of nameservers inside the zone - and only those > nameservers. (That's glue.) > > There's no way a .com nameserver should be providing A records for hosts in > the .au zone. Nor, I guess, .org nameservers having A RRs for a .net NS, like Gary's. > > nonetheless it works, though only after a hunt down through the .au > > servers, until cached. > > Yes, this is exactly what /should/ happen. Only the .au servers (or servers > they delegate to) are authoritative for hosts in the .au zone. Just so, Jonathan; I was referring to lack of clue of some reporting gadgets. dnscog.com got this one right, but its mail report is sus. cheers, Ian