Re: bind vs glue records

[Robert Elz <kre%munnari.OZ.AU@localhost>]

    Date:        Thu, 24 Mar 2016 16:41:58 +0000 (GMT)
    From:        Stephen Borrill <netbsd%precedence.co.uk@localhost>
    Message-ID:  <Pine.NEB.4.64.1603241628550.524%ugly.internal.precedence.co.uk@localhost>

  | With netbsd-7, BIND 9.10.2-P4 and using root.cache with no forwarders, I'm 
  | seeing problems with a few sites that have suspect glue records.

Are you sure that is related to glue?

In the DNS the value (the canonical name) of a CNAME record is not
supposed to be an alias (a name with a CNAME record attached).

That is, the DNS admin is supposed to chase chains (not that there
ever should be more than 1 to follow) of CNAME records when entering
the CNAME, just that once, rather than having every lookup have to
go hunting through a chain of CNAMES (of potentially unlimited length)
trying to find the answer.

When doing a lookup, if a CNAME is found, its value must bee used to
obtain the answer, if another CNAME appears, it is perfectly acceptable
for the resolver to report an error.

Whether that happens or not in common implementations tends to depend upon
all kinds of details about just how things happen, and what was chached,
and when.   But no-one should be depending upon it happening to work.

Glue is a record added to a zone that does not belong to the zone, but
which is required in order to make things work (eg: the A or AAAA records
for a nameserver in the parent zone, where the nameserver is in the
delegated child zone - but in order to find the address of the nameserver
(without the glue)you would first need to find the address of the nameserver
so you could ask it...)   That's why it is called glue - it does not really
belong, but it is needed to hold things together...

kre