Glue records (was Re: ATTN GARY KLINE)

[Ian Smith]

In freebsd-questions Digest, Vol 335, Issue 9, Message: 7
On Fri, 5 Nov 2010 10:27:38 +0200 Jonathan McKeown <j.mckeown at ru.ac.za> wrote:
 > On Friday 05 November 2010 09:28:27 Ian Smith wrote:
 > > But you don't always have any control of what parent nameservers do;
 > > eg we do DNS for a .com but both NS are in .au so DNS reports always
 > > whinge about lack of glue
 > 
 > They should be whingeing about lack of clue (their own) unless I'm horribly 
 > wrong about how DNS works.

Indeed, my point .. I've tried quite a few free DNS health reporters 
over the time; some eg thednsreport.com list missing glue records as a 
warning, ending: "This will usually occur if your DNS servers are not in 
the same TLD as your domain" which is just the case, but others have 
splashed red ink over this one .. sorry, don't recall which offhand.

 > When a nameserver delegates a zone, it's not responsible for any of that 
 > zone's records any more, with two exceptions. It provides NS records to 
 > indicate which nameservers /are/ responsible, and it retains responsibility 
 > for the A records of nameservers inside the zone - and only those 
 > nameservers. (That's glue.)
 > 
 > There's no way a .com nameserver should be providing A records for hosts in 
 > the .au zone.

Nor, I guess, .org nameservers having A RRs for a .net NS, like Gary's.

 > > nonetheless it works, though only after a hunt down through the .au
 > > servers, until cached.
 > 
 > Yes, this is exactly what /should/ happen. Only the .au servers (or servers 
 > they delegate to) are authoritative for hosts in the .au zone.

Just so, Jonathan; I was referring to lack of clue of some reporting 
gadgets.  dnscog.com got this one right, but its mail report is sus.

cheers, Ian