Diagnostic help part 2

Mike Hoskins (michoski) michoski at cisco.com
Fri Oct 3 18:21:44 UTC 2014

-----Original Message-----
From: Dave Sparro <dsparro at gmail.com>
Date: Friday, October 3, 2014 at 1:04 PM
To: "bind-users at lists.isc.org" <bind-users at lists.isc.org>
Subject: Re: Diagnostic help part 2

>On 10/1/2014 3:45 PM, Tony Finch wrote:
>> (Sorry for straying off topic. I have less experience of Cisco PIX/ASA
>> breaking DNS than of them breaking SMTP.)
>I can't resist either..
>I specifically remember a PIX that bit me by "helpfully" changing the
>payload of an axfr so that the A records that traveled through the PIX's
>NAT got flipped to the inside RFC-1918 addresses for the servers that
>were behind the NAT as well.
>It took a couple rounds of "your sending me the wrong stuff... No I'm
>Not!" until we figured it out.

Yeah, I've had similar experiences on various platforms over the years...
I know it's hard for smaller shops, but even when I was in startup land I
built labs to validate design and behavior (the difference was the "labs"
were often under my desk or in a closet).

Finding unexpected behavior like this in production is always stressful.
Ultimately, we have a responsibility as engineers/architects to conduct
due diligence and not make assumptions.  Testing and validation are key
parts of our job.  Anything made by people can have bugs or simply
unexpected behavior.  :-)

More information about the bind-users mailing list