[H-SASIG] Move of Excalibur
Russell Stuart
russell-humbug at stuart.id.au
Fri Jan 1 03:57:58 EST 2010
On Fri, 2010-01-01 at 03:02 -0500, Robert Brockway wrote:
> The glue record is really just an A record in the parent zone file, so the
> TTL of the parent zone applies.
There is no doubt clients who read the glue record get the glue record's
TTL. But the question is when if ever, is the glue record itself
updated in the parent zone. My guess is the glue record is treated as
authoritative, and thus never times out.
Think of it this way. Lets say all DNS servers for xyz.com are hosted
on xyz.com servers. Eg, they are ns1.xyz.com, ns2.xyz.com, and
ns3.xyz.com. If the parent zone invalidated all of those zones because
of TTL expiry, how is it going to look them up again? It can't. Ergo
they don't ever expire.
You might hope they would be a bit smarter about it. For example, in
our case assume the servers for humbug.org.au where just
cartman.pipegrep.com.au and excalibur.humbug.org.au. If you enter
excalibur.humbug.org.au after entering cartman.pipegrep.com.au, you
might hope they would ask cartman.pipegrep.com.au for excalibur's IP
address. They don't though. As far as I can tell, the glue records are
only every updated manually.
More information about the Sasig
mailing list