[dns-operations] does anybody know why yahoo+akamai are doing this?
Edward Lewis
Ed.Lewis at neustar.biz
Thu Mar 23 15:38:52 UTC 2006
At 21:16 +0000 3/22/06, Paul Vixie wrote:
># As one of the DNS admins for Yahoo!, I'd like to make sure that we
># aren't actually doing anything wrong.
># ...
># Am I summing up the situation correctly?
>
>yes. but another thing you can do, probably more usefully, is to set up
>a "stub" zone (assuming you're running bind8 or bind9) for the zone that
>the cname is pointing into (yahoo.akadns.net). this would actually meet
>the intent of RFC 1034 which is that a recursor who has to follow your
>out-of-zone CNAME will get a hint from you as to where they can find it.
>of course, most modern recursors will ignore your hint since you're not
>the authority it would go to for those NS RRs and they don't want to be
>sent on a wild goose chase, have their cache poisoned, or whatever. but
>you could meet the intent of RFC1034 with a "stub" zone, or you could
>work around this somewhat bizarre implication of RFC1034 by deleting your
>"hint" zone. (note to the lurkers... don't delete your "hint" zone if
>you're also recursive... but don't be also recursive, if you can avoid it.)

1) The responses from the Yahoo servers are fully in-line with the
words of RFC 1034. ("The words of..." meaning that I'm not debating
the intent.)

2) Running a stub zone seems to be a violation of the spec -
coherency (sameness of the answers) is important to DNS. Ergo,
running a stub, or as I read it, an alternate, version of someone
else's zone is a step in the wrong direction.

3) If the Yahoo servers do remove their hint files, will queriers be
able to understand an "I'm a lame server" for out-of-bailiwick
queries? As far as I can recall, there is no message return code
that a server can use in a response to say "I don't know and don't
ask me again." Over time, the convention of sending an upwards
referral has been adopted as that message.

For clarification, Paul, what should the Yahoo servers return for a
query for (www.isc.org, IN, A) or (www.yahoo.akadns.net., IN, A)?
The first being a genuinely lame response, the other one that might
be handled by the stub zone you recommend.

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis +1-571-434-5468
NeuStar
Nothin' more exciting than going to the printer to watch the toner drain...
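
The response shapes discussed in this message for the two example queries, as an added Python example that is not part of the original post: it parses DNS wire format and labels a reply as an upward referral, an out-of-zone referral of the kind a stub zone would supply, or an error RCODE. The served zone `yahoo.com.`, the label strings, the target `ns.invalid.` and the sample packets are constructed assumptions; Python 3.8 or later is assumed.

```python
import struct

def read_name(msg, off):
    """Decode a (possibly compressed) name; return (fqdn, offset after it)."""
    labels, after, hops = [], None, 0
    while (n := msg[off]):
        if (n & 0xC0) == 0xC0:                    # compression pointer
            after = after or off + 2
            off, hops = ((n & 0x3F) << 8) | msg[off + 1], hops + 1
            if hops > 16:
                raise ValueError("compression pointer loop")
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii").lower())
            off += 1 + n
    return ".".join(labels) + ".", after or off + 1

def classify(msg, served_zones):
    """Label a response by what it tells the querier (labels are this example's own)."""
    _id, flags, _qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    if flags & 0xF:                               # non-zero RCODE
        return "refused" if (flags & 0xF) == 5 else "rcode-%d" % (flags & 0xF)
    if an:
        return "answer"
    off = read_name(msg, 12)[1] + 4               # skip QNAME, QTYPE, QCLASS
    owners = set()
    for _ in range(ns):                           # authority follows the question when an == 0
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == 2:                            # NS record
            owners.add(owner)
    if owners <= {"."}:
        return "upward-referral" if owners else "no-referral"
    inside = all(any(o == z or o.endswith("." + z) for z in served_zones) for o in owners)
    return "delegation" if inside else "out-of-zone-referral"

def enc(name):
    return b"".join(bytes([len(lab)]) + lab.encode() for lab in name.split(".") if lab) + b"\0"

def sample(qname, flags, ns_owner=None):
    """Constructed response: one question, optionally one NS record in authority."""
    rdata = enc("ns.invalid.")
    auth = enc(ns_owner) + struct.pack("!HHIH", 2, 1, 3600, len(rdata)) + rdata if ns_owner else b""
    head = struct.pack("!6H", 0x1234, flags, 1, 0, 1 if ns_owner else 0, 0)
    return head + enc(qname) + struct.pack("!HH", 1, 1) + auth

ZONES = ["yahoo.com."]                            # assumed served zone, not stated in the post
UPWARD = sample("www.isc.org.", 0x8000, ".")      # 0x8000: QR=1, AA=0, RCODE=0
HINTED = sample("www.yahoo.akadns.net.", 0x8000, "yahoo.akadns.net.")
REFUSED = sample("www.isc.org.", 0x8005)
```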