[OT] Domain Name Registrars

Mon May 22 00:29:06 UTC 2006

Doug Barton wrote:
> Troy Settle wrote:
>
>   
>> Here's the thing for name servers (at least as far as I understand
>> it)...
>>     
>
> With all due respect, the problem with postings like this is that it
> actually slows down the process of people finding out the truth for
> themselves by perpetuating misinformation. It's far better to either do the
> research and post accurate information, or avoid posting.
>
>   
>> the glue records must exist in the root servers for each registry.
>>     
>
> A) The only "root servers" are those that serve the root zone. What you're
> referring to are Top Level Domain (TLD) name servers. 
To clarify for myself, the root name servers are not authoritative for 
(most of) the TLDs.
The authoritative name servers for zones represented by the TLDs are the 
ones to which the root
name servers have delegated authority to for those zones.  So there are 
authoritative name
servers for the zones such as .ca, .gc.ca, .com etc.  However I have 
determined, using nslookup,
that for the .mil zone four of the root servers are authoritative, as 
one example.
> B) Policies on whether
> name server IP records are necessary for domain registration vary by
> registry. There is no hard and fast rule. C) "Glue" is a DNS term of art
> that refers specifically to IP addresses for servers whose hostnames are IN
> the zone they serve. For example, if you have the following NS records:
>
> example.org.	NS	ns1.example.org.
> example.org.	NS	ns2.example.org.
>
> Then glue records are _required_ in the ORG TLD name servers. Otherwise
> there is no way for anyone to reach your servers.
>   
So then what the registrars are doing (or supposed to be doing) is 
providing A and NS records
for the name servers in my parent zone which point to my primary name 
servers and
secondary name servers?  This then is the "glue" which makes recursive 
queries possible.

So, and pardon my verbosity, when a resolver needs to resolve dwlabs.ca, 
assuming it doesn't
have the data cached, it queries one of ca0[1,2,4,5,6].cira.ca or 
ns-ext.isc.org, which then
responds with the names and ip addresses of the authoritative name 
servers for dwlabs.ca.
Am I correct?
> However, for those situations where the name server hostnames are all out of
> zone, it's generally better to avoid putting IP address records for those
> hostnames in the parent zone (regardless of what level we're talking about
> here) because it makes the administration of the zones/domains much more
> difficult.
>   
>   
>> If your name servers are under the .ca TLD, and you're
>> registering a .com domain, then the .com registry must have the glue
>> records for your .ca name servers.
>>     
>
> That's actually exactly the opposite of the truth. If the name servers for
> your COM name are in CA, then the IP addresses can be resolved the normal
> way (recursively).
>   
So no glue, but an NS record as in
example.com.  IN NS   ns1.dwlabs.ca.  ?

In this case the response to the resolver query from the .com 
authoritative name server
will be that the unauthoritative answer is ns1.dwlabs.ca. Authoritative 
answers can be
found at ca0[1,2,4,5,6].cira.ca or ns-ext.isc.org.  ?  Because of this 
they don't need A records
for my domain, if I am correct.

So the privilege and responsibility of being a registrar includes , in 
addition to selling globally
unique domain names, is in getting and validating information from your 
clients regarding their
name servers and then passing on the information to parent zone name 
servers so that the
appropriate A records and NS records can be created and or updated (in a 
timely fashion).
>   
>> As an OpenSRS reseller, 
>>     
>
> eek,
>
> Doug
>
>   
Much thanks and respect to all for helping me start to truly understand 
this.

Sincerely

Duane Whitty
-- 
duane at greenmeadow.ca