On Thu, Jun 18, 2020 at 10:34:40PM +0000, Wessels, Duane wrote:
My guess is that some implementations take the glue from the root zone and some take it from the root-servers.net zone (which has the 3600000 TTL).
You are probably right. If this is the case, then there is the question of which is more correct for use as glue. Though the root servers also serve the root-servers.net zone and are authoritative for them, when glue exists as glue within the root zone, should the root namesevers not use the glue in preference? Ignoring the case of . and root-servers.net, assume a secondary authoritative NS is configured for a parent zone and child zone a couple of levels within the parent domain, which are transferred in from different primary NSs (under control of different entities). The authoritiative NS does not know if the parent and/or slave are delegated to it (as a resolver would) - it just serves zone data. If one is to assume that the parent zone is delegated to the NS, and the child zone is delegated to some other nameserver (whereas a similarly named zone exists on this NS), it seems more correct that glue that exists as glue within the parent zone be used, and not address records from the child zone (even though the NS thinks it is configured as an authority for the child). Mukund