when i check resolver.log just now , i found some error info about AAAA ( ipv6)
Darcy Kevin (FCA)
kevin.darcy at fcagroup.com
Wed Apr 13 22:08:59 UTC 2016
I don't know about other GSLBs, but Cisco GSSes could be made to respond relatively sanely, with some careful configuration. We had to set up a "shadow" version of each GSLB-delegated subzone on BIND, and the GSSes would proxy all queries they couldn't handle themselves to/from this "shadow" version. The _piece_de_resistance_ is to add an obscure wildcard entry in each zone so that all non-apex proxied queries get a NODATA response. This is to inhibit inappropriate NXDOMAIN responses when the name is defined in the GSS, but the type is not handled, e.g. MX, TXT, AAAA or whatever. Such inappropriate NXDOMAIN queries generate negative cache entries for the name, which can then interfere with the A queries. Not a perfect solution, but it got us by until we could migrate off that horrible platform.
- Kevin
-----Original Message-----
From: bind-users-bounces at lists.isc.org [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Barry Margolin
Sent: Wednesday, April 13, 2016 4:45 PM
To: comp-protocols-dns-bind at isc.org
Subject: Re: when i check resolver.log just now , i found some error info about AAAA ( ipv6)
In article <mailman.548.1460561615.73610.bind-users at lists.isc.org>,
"Darcy Kevin (FCA)" <kevin.darcy at fcagroup.com> wrote:
> Really, there's no excuse, in this day and age, for a DNS-serving
> device -- even a load-balancer pretending to be a nameserver -- to
> botch its responses to AAAA queries.
Load balancers routinely botch requests for any type other than the specific type they're programmed to balance. There's never been an excuse for it in the first place (how hard would it have been for them to return NOERROR?), so there's no reason to expect them to treat AAAA any differently from other types that they don't know about.
--
Barry Margolin
Arlington, MA
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
bind-users mailing list
bind-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
More information about the bind-users
mailing list