On 03/28/2012 09:55 PM, Mark Foster wrote:
... So how does this relate to the .nz root zone and glue records for external DNS Server A records provided during registration, then? [see below]
Not sure what you mean. If you provide a glue IP address to a registrar that isn't for a name inside your domain, they may capture and store it, but it's not stored in the NZ SRS and not published to the DNS. It's just useless bits cluttering up the registrar's database.
Well I just modified one of my .nz domains (using Discount Domains) ... it previously only had NS address records for its DNS servers. I populated the IP of my first DNS server and their web management tool automatically resolved the other two and has populated the nameserver fields with both hostnames and IP addresses. The Address records are indeed outside of the zone in question. (Bonus points, the IP address field was indeed described as optional.)
As an exercise, I then modified my Primary DNS server for the domain in question, to be the correct address record, but an incorrect IP address (8.8.8.8, ohai Google). It accepted this too, no error, so there's obviously no checking that the A record matches the IP involved...
In this case, it's not going into the DNS, so there's nothing really to check. But note that even for in-domain glue records, there's no special checking (beyond syntax and IP range) of glue IP addresses. Registrars may provide some checking, but as long as the IP address is valid (and the NS in the domain), the glue record will be pushed by the SRS without further checking.
There used to be (in the Waikato system, and I think in the DRS) a requirement that name servers be up and answering with the zone before the registry would accept an update. But the SRS has never done that. Mainly this is because automated tools need to be able to commit to registering a domain in the registry before they deploy the new zone to their name servers.
Probably DD just send a DNS request to the specified IP and blithely populate the fields from the response. Never mind that it's not authoritative ...
-- don
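
An added illustration of the behaviour described in this thread, not part of the original messages and not the SRS's or any registrar's code: glue is only relevant for name servers inside the domain, and the only check applied to it is syntax and IP range. The function names, the status labels, the sample domain and the "globally routable unicast" range policy are assumptions made for the example.

```python
import ipaddress

def is_in_domain(ns_name, domain):
    """True when the name server's host name is the domain or sits below it."""
    ns = ns_name.rstrip(".").lower()
    dom = domain.rstrip(".").lower()
    return ns == dom or ns.endswith("." + dom)

def glue_ip_acceptable(ip_text):
    """Syntax and range check only (assumed policy: global unicast)."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # not a syntactically valid IPv4/IPv6 address
    return ip.is_global and not ip.is_multicast

def classify_glue(domain, nameservers):
    """Map each NS name to (status, ip) for (ns_name, ip_or_None) pairs."""
    result = {}
    for ns_name, ip_text in nameservers:
        if not is_in_domain(ns_name, domain):
            # Out-of-domain name server: a supplied address is never published.
            result[ns_name] = ("ignored" if ip_text else "no-glue-needed", None)
        elif ip_text is None:
            result[ns_name] = ("missing-glue", None)
        elif glue_ip_acceptable(ip_text):
            # Nothing here asks the address whether it serves the zone.
            result[ns_name] = ("published", ip_text)
        else:
            result[ns_name] = ("rejected", ip_text)
    return result

# Constructed sample input; example.nz and the name servers are placeholders.
SAMPLE = [
    ("ns1.example.nz", "8.8.8.8"),       # valid address, wrong host: accepted
    ("ns2.example.nz", "10.0.0.1"),      # private range: fails the range check
    ("ns3.example.nz", None),            # in-domain NS with no glue supplied
    ("ns1.example.net", "203.0.113.5"),  # out-of-domain: address is discarded
    ("ns.notexample.nz", None),          # shares a suffix but is not in-domain
]

if __name__ == "__main__":
    for name, outcome in classify_glue("example.nz", SAMPLE).items():
        print(name, outcome)
```

The first entry passes because the check never compares the address with what the name actually resolves to, which is the gap the 8.8.8.8 test in the thread exposed.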