
Re: How long can an NS chain be?



I see what you are asking but I don't believe that it should happen.

ns.greenlight.net should be a glue record in with the .net info.  And it
will have glue in the InterNIC TLD servers if it was used to register any
additional InterNIC names.

Additionally, ns.visualtouch.com would not be an InterNIC listed name
server unless it had a host (glue) record. 

Recently, I heard that a .nl (or any non-InterNIC TLD) host would no
longer be accepted by InterNIC as a name server for an InterNIC name (I've
not confirmed this, but perhaps someone else can), which basically ensures
that all name servers for InterNIC names will have glue. (No, this doesn't
mean that folx without existing InterNIC domains can't register InterNIC
names.) 

There's no doubt that server admins, especially TLD server admins, can
really screw things up by not doing basic sanity checks.  Does this mean
that other TLDs must insist on having name servers within their authority? 
It may be the easiest answer.  If TLD admins don't provide a means to
register the InterNIC equivalent of a host record, that is really not
a flaw in DNS, it is an administrative issue.  If non-TLD name server
admins don't see the need to make sure that their name servers are
reachable by providing proper glue in the proper parent zones, that is a
problem in education/understanding, but is not the fault of DNS. 

So... all of that was just to say:  it seems to me that every NS record
should have corresponding glue in its own parent zone.  If it doesn't,
this is an error.  Should grace be built into the system?  I don't know. 
How much do you want to encourage bad administrative practice?  As
browsers became more and more forgiving of HTML errors and nonstandard
tags, HTML became sloppier and sloppier, because the fact that it worked
reasonably well removed most of the motivation to do it correctly in the
first place. Would be a shame (and probably a bit of a disaster) for that
to happen to DNS. 

Just a few thoughts,

Happy Holidays & New Year!


On 24 Dec 1998, D. J. Bernstein wrote:

> Suppose you're trying to find the address of www.come.to. You send out
> some queries and receive a referral:
> 
>    come.to IN NS ns.greenlight.net
>    come.to IN NS black.plant.nl
> 
> Neither name is in your cache, and there's no glue.
> 
> So you put the original request on hold and try to find the address of
> ns.greenlight.net. You send out some queries and receive a referral:
> 
>    greenlight.net IN NS ns.visualtouch.com
>    greenlight.net IN NS black.plant.nl
> 
> Neither name is in your cache, and there's no glue.
> 
> So you put ns.greenlight.net on hold too and try to find the address of
> ns.visualtouch.com. And so on.
> 
> There's no guarantee in the DNS architecture that this chain will ever
> terminate. In fact, there could be a cycle; length-1 cycles are required
> to have glue, but longer cycles are not.
> 
> Suppose, however, that the NS chain does terminate. It could have any
> length. Is it okay for people to set up an NS chain of length 5? 10? 30?
> How far does a resolver have to go? How much memory do implementors have
> to dedicate to a single request? Is it okay for a resolver to give up
> after several steps? How many? Can a resolver ignore NS records without
> glue if there are three NS records with glue? Two? What if those two
> servers are unreachable?
> 
> The chance of finding glue is going to drop precipitously as new TLDs
> are introduced. Chains are going to get longer and longer and longer,
> even if nobody falls into the trap of setting up a cycle. Users of a
> resolver with an excessively low NS chain limit will find themselves
> completely unable to locate certain domains unless the cache is primed.
> This is an interoperability problem.
> 
> ---Dan
>
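
An added illustration, not part of the original message and not any resolver's actual code: a Python model of the bounded lookup the quoted message asks about. It counts how many requests must be put on hold along a glueless NS chain, stops on cycles and at a hold limit, and lists the referrals that arrive without glue. Host names come from the quoted message; the delegation data marked as constructed, the default limit of 8 and all function names are assumptions.

```python
# zone -> NS names in its referral. come.to and greenlight.net follow the
# quoted message; visualtouch.com, plant.nl and *.example are constructed.
DELEGATIONS = {
    "come.to": ["ns.greenlight.net", "black.plant.nl"],
    "greenlight.net": ["ns.visualtouch.com", "black.plant.nl"],
    "visualtouch.com": ["ns.visualtouch.com"],
    "plant.nl": ["ns.plant.nl"],        # constructed: length-1 cycle, glue missing
    "a.example": ["ns.b.example"],      # constructed: length-2 cycle, no glue
    "b.example": ["ns.a.example"],
}
# (zone, ns) pairs whose referral carries an address (glue) for the server.
GLUE = {("visualtouch.com", "ns.visualtouch.com")}


def enclosing_zone(name, delegations):
    """Closest delegated zone containing `name`, or None if not modelled."""
    labels = name.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in delegations:
            return candidate
    return None


def glueless_referrals(delegations, glue):
    """Every (zone, ns) delegation whose referral has no address for ns."""
    return sorted((zone, ns) for zone, servers in delegations.items()
                  for ns in servers if (zone, ns) not in glue)


def hold_depth(zone, delegations, glue, limit=8, on_hold=()):
    """Fewest requests put on hold before a server for `zone` is reachable.
    Returns None when every path cycles or needs more than `limit` holds."""
    if zone in on_hold:                 # already waiting on this zone: cycle
        return None
    best = None
    for ns in delegations.get(zone, ()):
        if (zone, ns) in glue:
            return 0                    # address came with the referral
        parent = enclosing_zone(ns, delegations)
        if parent is None or len(on_hold) >= limit:
            continue                    # unknown zone, or hold budget spent
        depth = hold_depth(parent, delegations, glue, limit, on_hold + (zone,))
        if depth is not None and (best is None or depth + 1 < best):
            best = depth + 1
    return best
```

With this data, come.to needs two holds (the original request and ns.greenlight.net), so a resolver configured with `limit=1` cannot locate it at all, which is the interoperability concern raised in the quoted message.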