IP addresses in NS records seem to be breaking hostname resolution

David Botham dns at botham.net
Wed Jul 17 20:21:09 UTC 2002




[clip...]
> >
> > I think what Chris is saying is that the NS RR set obtained from the
> > child name servers consisted of only bad names, however, the NS RR set
> > obtained from the parent (gtld name servers) contained good ones. He
> > would like to be able to tell bind, to "ignore the child and listen to
> > the parent" (if I read him correctly).  I think the point here is that
> > "good" information exists from someone who does have some authority in
> > the situation and it would be nice to use it.  On the other hand, "bad"
> > information is also available from someone who also has authority. The
> > question is, who has more authority, the parent or the child?  Or more
> > to the point, who really owns those NS RR's; the owner of the parent
> > domain or the delegated domain?
> >
[clip...]
> RFC 2181 is clear on this: authoritative data from the zone itself is more
> "credible" than (ranked higher than, replaces) data from referrals.

Well, that's that :)

> Throwing away authoritative data based on some heuristic (e.g. "all-numeric
> names look suspicious") and falling back to referral data, is clearly not
> conformant with the RFC. Zone maintainers already have plenty of ways to
> shoot themselves in the foot;
 
Yup!

> this is just one example among many, and is
> in the long run self-correcting.

See Chris, I told you that would probably be in violation of an RFC.  

My hat is off to all those that have actually *read* the RFC's.  They
are on my nightstand and I am making progress... Thanks again Kevin...

Dave...

> 
> This is an operational problem. Let's not break the standards trying to
> work around it.

Yup, best to call CH that has mis-configured the name server(s) in
question and/or the Registrant.

> 
> 
> - Kevin
> 
> 
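
An added example, not part of the original thread or of BIND: a toy RRset cache that applies a subset of the RFC 2181 section 5.4.1 trust ranking to the parent/child NS scenario discussed above, plus a zone-side lint that flags NS targets written as IP addresses. All class and function names, the sample zone, and the choice to let equal-rank data replace cached data are assumptions made for illustration.

```python
import ipaddress
from enum import IntEnum

class Rank(IntEnum):
    """Subset of the RFC 2181 section 5.4.1 trust levels (higher wins)."""
    REFERRAL_AUTHORITY = 1  # authority section of a non-authoritative answer
    NONAUTH_ANSWER = 2      # answer section of a non-authoritative answer
    AUTH_AUTHORITY = 3      # authority section of an authoritative answer
    AUTH_ANSWER = 4         # answer section of an authoritative answer

class RRsetCache:
    """Toy cache: an RRset is replaced whole, never by lower-ranked data."""
    def __init__(self):
        self._store = {}

    def offer(self, owner, rtype, rdata, rank):
        key = (owner.lower().rstrip("."), rtype)
        held = self._store.get(key)
        if held is not None and rank < held[0]:
            return False  # keep the more credible RRset already cached
        self._store[key] = (rank, frozenset(rdata))
        return True

    def get(self, owner, rtype):
        held = self._store.get((owner.lower().rstrip("."), rtype))
        return set(held[1]) if held else set()

def ns_targets_that_are_ip_literals(ns_targets):
    """Zone-side lint: NS rdata must be a host name, never an address."""
    bad = []
    for target in ns_targets:
        try:
            ipaddress.ip_address(target.rstrip("."))
        except ValueError:
            continue  # not an address literal, so acceptable as a name
        bad.append(target)
    return bad

def demo():
    cache = RRsetCache()
    parent = {"ns1.example.net.", "ns2.example.net."}  # constructed referral
    child = {"192.0.2.53.", "192.0.2.54."}             # constructed bad apex NS
    cache.offer("example.com.", "NS", parent, Rank.REFERRAL_AUTHORITY)
    cache.offer("example.com.", "NS", child, Rank.AUTH_AUTHORITY)
    # A later referral from the parent cannot displace the child's data.
    replaced = cache.offer("example.com.", "NS", parent, Rank.REFERRAL_AUTHORITY)
    return cache.get("example.com.", "NS"), replaced
```

The lint belongs in the zone maintainer's pre-publish checks; the cache side deliberately applies no such heuristic and simply follows the ranking.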



