[dns-operations] NSATC DNS oddities last week (affecting hotmail, msn etc)
bert hubert
bert.hubert at netherlabs.nl
Fri Aug 3 13:05:22 UTC 2007
On Fri, Aug 03, 2007 at 08:52:47AM -0400, Matt Larson wrote:
> > 2) It has been suggested that PowerDNS invalidate an NS record from its
> > cache if it is not responsive, and refetch from higher up.
>
> I can already hear my colleague, Piet Barber, screaming,
> "Nooooooooooo!!!" :-)
As you may remember I've had the honour of having Piet call me on all phone
numbers he could find of me in 'whois' when we configured the 'I.AM.' domain
in a way that triggered bad behaviour in recursive servers :-)
> A Reasonably Popular Implementation did this and we saw truly amazing
> traffic storms to the .com/.net servers when a popular zone would go
> offline (and hundreds of thousands of iterative resolvers would
> requery the .com servers to check the delegation).
>
> We documented this behavior and gave reasoning why it's not the best
> choice in RFC 4697, section 2.1.
Ok, consider me convinced this is not a good idea. I do remain interested in
knowing what in fact happened. The nsatc.net domain does power 'Windows
Update', so it merits attention.
BIND reportedly quickly recovered from the observed oddities, and I hear it
is root-server friendly.
So any stories regarding what happened with nsatc.net are more than welcome.
Bert
--
http://www.PowerDNS.com Open source, database driven DNS Software
http://netherlabs.nl Open and Closed source services
More information about the dns-operations
mailing list