Dig shows wrong ip

Chris Thompson cet1 at cam.ac.uk
Mon Aug 3 10:52:10 UTC 2009


On Aug 3 2009, Danny Mayer wrote:

>Chris Thompson wrote:
[...]
>> You are misinterpreting what I said. Of course erroneous glue needs to be
>> corrected. But there is no need for the servers to return IP addresses
>> provided for glue as an *answer* to a query, as the *.gtld-servers.net ones
>> do, rather than giving a proper referral. (At least their answers are not
>> marked authoritative, unlike those from some other nameservers.)
>
>It needs to be part of the answer if the nameserver is in the same
>domain as the FQDN otherwise it won't know where to go for the answers.
>That's the point of the glue.

It needs to be part of the *response*, not part of the *answer* (section).
In a referral, glue records appear in the additional section: the answer
section is empty.

When the *.gtld-servers.net servers are asked about dns3.potomacnetworks.com
(for example), they don't give a referral. They give an answer based on
what ought to be the glue record. This means that if the NS records for
potomacnetworks.com have not already been cached, a recursive nameserver
will believe this answer (and cache it). This would only be proper 
behaviour if the *.gtld-servers.net were slaving (possibly stealth slaving)
potomacnetworks.com - which of course they aren't, but how is the poor
recursive nameserver to know that?

-- 
Chris Thompson
Email: cet1 at cam.ac.uk
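
The referral/answer distinction drawn in the message above, as an added example that is not part of the original post: two hand-built responses to an A query for dns3.potomacnetworks.com are parsed and classified by which section carries the address and whether AA is set. The helper names, the 192.0.2.53 address, the TTL and the exact layout of both messages are constructed for illustration, not captured from the gtld servers.

```python
import struct
A, NS, AA_FLAG = 1, 2, 0x0400           # RR types and the header AA bit

def encode_name(n):                     # uncompressed DNS labels
    return b"".join(bytes([len(l)]) + l.encode() for l in n.split(".")) + b"\0"

def rr(owner, rtype, rdata):            # one class-IN record, constructed TTL
    return encode_name(owner) + struct.pack("!HHIH", rtype, 1, 172800, len(rdata)) + rdata

def response(qname, aa, answer, authority, additional):
    """Build a response to an A query from three lists of encoded records."""
    header = struct.pack("!6H", 0x1234, 0x8000 | (AA_FLAG if aa else 0),
                         1, len(answer), len(authority), len(additional))
    return header + encode_name(qname) + struct.pack("!HH", A, 1) + b"".join(answer + authority + additional)

def skip_name(msg, off):
    """Return the offset just past the name at off (labels or a compression pointer)."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += msg[off] + 1
    return off + (2 if msg[off] else 1)

def classify(msg):
    """Walk all three sections and report referral versus answer."""
    _, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4   # QTYPE + QCLASS
    sections = []
    for count in (an, ns, ar):
        types = []
        for _ in range(count):
            off = skip_name(msg, off)
            rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            types.append(rtype)
            off += 10 + rdlen
        sections.append(types)
    answer, authority, additional = sections
    if not answer and NS in authority and not flags & AA_FLAG:
        return "referral, glue in additional" if A in additional else "referral, no glue"
    if answer:
        return "authoritative answer" if flags & AA_FLAG else "non-authoritative answer"
    return "other"

GLUE = bytes([192, 0, 2, 53])           # constructed documentation address
ZONE, HOST = "potomacnetworks.com", "dns3.potomacnetworks.com"
# Constructed: a proper referral (empty answer section, glue in additional).
REFERRAL = response(HOST, False, [], [rr(ZONE, NS, encode_name(HOST))], [rr(HOST, A, GLUE)])
# Constructed: the same address placed in the answer section, AA clear.
GLUE_AS_ANSWER = response(HOST, False, [rr(HOST, A, GLUE)], [rr(ZONE, NS, encode_name(HOST))], [])
```
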


