CNAME Issue - Whether to use CNAME-data or Response-Flag

Mark Andrews marka at isc.org
Sat Apr 10 02:10:45 UTC 2010


In message <barmar-A566C3.21402509042010 at news.eternal-september.org>, Barry Mar
golin writes:
> In article <mailman.1106.1270851311.21153.bind-users at lists.isc.org>,
>  Mark Andrews <marka at isc.org> wrote:
> 
> > I would be asking operators of primary-dns.co.uk why they are
> > actively cache poisioning.  They have not been delegated aaisp.net.uk
> > so they should not be serving aaisp.net.uk.
> 
> They could be a stealth slave, hidden master, etc. There's no rule that 
> says that a zone has to be delegated to you for you to be authoritative 
> for it.

They are not serving current content.  See the SOA record returned
and compare it to that returned from the servers that the zone is
actually delegated to.

> The address of primary-dns.co.uk is adjacent to the address of 
> auth.primary-dns.co.uk, the server that aaisp.net.uk us delegated to.  
> They may have all their servers configured as authoritative for all the 
> zones they host, so that they can use them as hot spares for each other.

Well it's doing a poor job as a "hot spare" then.  Much more likely
is that they are a old master/slave and the zone has been moved to
the other servers without making the old master a slave from the
new master.  Unfortunately most people don't know how to cleanly
transfer zones from one set of servers to another.  This is the
sort of fallout that occurs when one does not do a clean transfer.
 
Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org



More information about the bind-users mailing list