DNS Tracing
Mathias Körber
mathias at koerber.org
Wed Jul 12 04:05:38 UTC 2000
> -----Original Message-----
> From: kcd at daimlerchrysler.com [mailto:kcd at daimlerchrysler.com]
> [...] (Finding
> out which domains those are should be possible by examining the query
> logs on ecs1, assuming it's still running a nameserver, and that the
> nameserver has query logging capability).
and that someone is actually querying for all such zones :-(
> > (FYI, a.root-servers.net is one of the .com name servers.) Better
> > contact Network Solutions and find out where that glue record came
> > from and get it fixed. The 2 day TTL in that answer is another
> > giveaway: this is the standard TTL for resource records in the .com
> > zone. It's also not the same as the 1 day TTL you gave for that A
> > record in your altamente.com zone file, which is the ultimate
> > authority for that domain. But because other name servers will consult
> > .com name servers when looking up ecs1.altamente.com, they'll get the
> > false answer - the old glue record - in the .com zone. They won't
> > bother asking one of the three altamente.com name servers for this
> > name because the .com name servers gave them the answer - albeit with
> > wrong data! - for the query that they made. Somewhere in the .com zone
> > file, there's a line:
> > ecs1.altamente.com. IN A 209.12.224.11
> > this has to be removed or corrected somehow. Removing it is better
> > since this glue probably isn't needed any more and because it has the
> > wrong IP address.
This is the reason I tried coming up with a method to administratively
distinguish A records which are inside a zone because of GLUE from those
there for other reasons (see my now defunct draft
draft-koerber-dnsind-glue-00.txt,
which I did not pursue for lack of interest/support.
I do not think that BIND's built in rules are sufficient to distinguish
between glue and regular A records. For one thing, they only help during
actual lookups. Something that clearly shows a record id supposed to be GLUE
is needed at the administrative level.
just my 2 cents
-- Binary/unsupported file stripped by Listar --
-- Type: application/octet-stream
-- File: draft-koerber-dnsind-glue-00.txt.url
More information about the bind-users
mailing list