[dns-operations] caches only resetting TTL? was Re: Where to find "DNS resolution path corruption"?
paul at vix.com
Tue Feb 26 22:01:20 UTC 2008
> > The other case that is occasionally seen is when ISPs do not
> > separate authoritative and recursive servers
> > and their own customers are served with the stale, outdated data.
> That, to me, is the obvious case where the behavior that Antoin
> describes, would occur. That is completely RFC compliant though.
if you're a dual-mode server and someone asks you an RD=1 question that
makes you iterate, and during iteration you learn an A RR (referred to by
some NS RR) whose name is the same as one of your own zone (bottom) cuts,
and you cache it, and someone later asks you for that A RRset, with RD=0,
the truth is that you ought to send them a referral, but the RFC allows
you to send back an answer, even though it's in no way authoritative data,
and even though you're authoritative, from the point of view of the RD=0
iterator who queried you, for the name in question. (that's for starters.)
the RFC is full of slop on the topic of dual-mode, and lacks important
details, and my own belief is, dual-mode is so poorly defined that it's
effectively undefined, and nobody ought to do it, and the RFC, by failing
to either properly define it or forbid it, cannot be "complied with" on
this topic. if i were king, RFC 2181 would have clarified dual-mode right
out of existence, and BIND would not have to pretend to support it by
guessing what to do in dozens of ambiguous situations. (we surf the slop.)
More information about the dns-operations