[afnog] RIPE in-addr help

Brian Candler B.Candler at pobox.com
Thu Feb 3 18:56:11 EAT 2005


On Thu, Feb 03, 2005 at 10:25:37AM -0800, Randy Bush wrote:
> this statement is a bit too broad.  you are using doc to check the
> psg.com zone.  the psg.com zone is indeed correct.

That's true. However, the domain won't function correctly if the NS records
for the delegations don't resolve properly, and I've come across a number of
cases in the past where domains have been broken because of this (e.g.
because nameservers have been renumbered, and there's out-of-date glue
higher up the tree).

> but i
> don't think we want doc to test the transitive closure of foo.bar
> as that is likely to be most of the dns.

Indeed, that's a problem with following this to its logical conclusion, but
it's also a property of how the DNS is designed.

In order to resolve www.foo.com, I have to resolve ns.bar.net. In doing
that, I may have to look up ns2.baz.org - and so on.

I'm not entirely sure why this process is stable, or indeed works at all. My
best guess is that it's because:
(1) in many cases foo.com is delegated to ns.foo.com, using glue;
(2) the number of nameservers on the Internet is small compared to the
number of domains. So once you've successfully resolved dns-01.ns.aol.com
(say), you can use this to bootstrap many other domains which sit on the
same set of nameservers.

There's also the "Additional Section" returned in DNS queries, which can
contain cached A records for NS records - but as a potential source of cache
poisoning, I doubt that caches can make much use of it these days.

Regards,

Brian.
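
The dependency chain described in the message above, as an added example that is not part of the original post: it walks the zones a resolver must reach before it can answer for a name, and checks whether each chain ends in glue or loops without it. The delegation map is constructed sample data, the function names are hypothetical, and root and TLD servers are assumed reachable.

```python
# Constructed sample data: zone -> (NS hostnames, NS names that have glue at the parent).
DELEGATIONS = {
    "foo.com":   (["ns.bar.net"], set()),             # out-of-zone NS, no glue
    "bar.net":   (["ns2.baz.org"], set()),            # out-of-zone NS, no glue
    "baz.org":   (["ns2.baz.org"], {"ns2.baz.org"}),  # in-zone NS with glue
    "a.example": (["ns.b.example"], set()),           # glueless loop a -> b -> a
    "b.example": (["ns.a.example"], set()),
}

def enclosing_zone(name, delegations):
    """Return the longest delegated zone that is a suffix of name, or None."""
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in delegations:
            return candidate
    return None

def dependency_closure(name, delegations):
    """Zones that must be reachable to resolve name, in discovery order."""
    seen, queue = [], [enclosing_zone(name, delegations)]
    while queue:
        zone = queue.pop(0)
        if zone is None or zone in seen:
            continue
        seen.append(zone)
        ns_names, glue = delegations[zone]
        for ns in ns_names:
            if ns not in glue:  # a glued NS needs no further lookup
                queue.append(enclosing_zone(ns, delegations))
    return seen

def can_bootstrap(zone, delegations, visiting=frozenset()):
    """True if some NS of zone is reachable via glue or via a zone that can bootstrap."""
    if zone is None or zone in visiting:
        return False  # unknown zone, or a loop with no glue anywhere in it
    ns_names, glue = delegations[zone]
    for ns in ns_names:
        if ns in glue:
            return True
        parent = enclosing_zone(ns, delegations)
        if can_bootstrap(parent, delegations, visiting | {zone}):
            return True
    return False

if __name__ == "__main__":
    for name in ("www.foo.com", "www.a.example"):
        zones = dependency_closure(name, DELEGATIONS)
        ok = can_bootstrap(zones[0], DELEGATIONS)
        print(f"{name}: depends on {zones}, bootstraps={ok}")
```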


