Moving DNS out of non-cooperative provider
p.mayers at imperial.ac.uk
Tue Jun 19 07:19:51 UTC 2012
On 06/19/2012 04:18 AM, Barry Margolin wrote:
> Didn't this used to be a problem? When the caching server queries the
> cached nameservers, the response would include the old NS records in the
> Authority section. The caching server would then replace the cached NS
> records with these records, resetting the TTL to its full time. As long
> as it continued performing queries against the old servers before the NS
> records timed out, the TTLs would keep getting reset, and never expire.
Interesting. I was unaware of this issue, thanks for pointing it out. As
Mark mentions in his follow-up, it seems like there are other corner
cases where a broken or malicious nameserver can futz up delegations.
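
A toy model of the cache behaviour described in the quoted text, added here as an illustration and not part of the original thread. The server names, the TTL and the two cache policies are constructed assumptions, and the model does not represent any particular resolver version.

```python
from dataclasses import dataclass

# Constructed sample data: the zone moves from OLD_NS to NEW_NS at t=0.
OLD_NS = ("ns1.old-provider.example", "ns2.old-provider.example")
NEW_NS = ("ns1.new-provider.example", "ns2.new-provider.example")
NS_TTL = 3600  # seconds, assumed TTL on the NS RRset


@dataclass
class CachedNS:
    servers: tuple
    expires: int  # absolute time (seconds) at which the entry times out


def simulate(refresh_from_authority, query_interval=1800, duration=6 * 3600):
    """Return the time at which the cache first holds NEW_NS, or None.

    refresh_from_authority=True models a cache that overwrites its NS
    entry (and restarts the TTL) from the Authority section of every
    answer. False models a cache that lets the original TTL run out and
    then re-fetches the delegation from the parent zone.
    """
    # The old delegation was cached just before the move, with a full TTL.
    cache = CachedNS(OLD_NS, NS_TTL)
    for now in range(query_interval, duration + 1, query_interval):
        if now >= cache.expires:
            # Entry timed out: ask the parent, which now delegates to NEW_NS.
            cache = CachedNS(NEW_NS, now + NS_TTL)
        if cache.servers == NEW_NS:
            return now
        # The query goes to an old server, whose answer carries the old
        # NS records in its Authority section with a full TTL.
        if refresh_from_authority:
            cache = CachedNS(OLD_NS, now + NS_TTL)
    return None


if __name__ == "__main__":
    print("refreshing cache, busy zone:", simulate(True))
    print("non-refreshing cache:       ", simulate(False))
    print("refreshing cache, idle zone:", simulate(True, query_interval=4000))
```

In this model the refreshing cache only picks up the new delegation when the gap between queries exceeds the NS TTL, which is the condition the quoted text names.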