Diagnostic help part 2
Mike Hoskins (michoski)
michoski at cisco.com
Fri Oct 3 18:21:44 UTC 2014
From: Dave Sparro <dsparro at gmail.com>
Date: Friday, October 3, 2014 at 1:04 PM
To: "bind-users at lists.isc.org" <bind-users at lists.isc.org>
Subject: Re: Diagnostic help part 2
>On 10/1/2014 3:45 PM, Tony Finch wrote:
>> (Sorry for straying off topic. I have less experience of Cisco PIX/ASA
>> breaking DNS than of them breaking SMTP.)
>I can't resist either..
>I specifically remember a PIX that bit me by "helpfully" changing the
>payload of an axfr so that the A records that traveled through the PIX's
>NAT got flipped to the inside RFC-1918 addresses for the servers that
>were behind the NAT as well.
>It took a couple rounds of "you're sending me the wrong stuff... No I'm
>Not!" until we figured it out.
Yeah, I've had similar experiences on various platforms over the years...
I know it's hard for smaller shops, but even when I was in startup land I
built labs to validate design and behavior (the difference was the "labs"
were often under my desk or in a closet).
Finding unexpected behavior like this in production is always stressful.
Ultimately, we have a responsibility as engineers/architects to conduct
due diligence and not make assumptions. Testing and validation are key
parts of our job. Anything made by people can have bugs or simply
unexpected behavior. :-)