[dns-operations] caches only resetting TTL? was Re: Where to find "DNS resolution path corruption"?

Paul Vixie paul at vix.com
Tue Feb 26 22:16:25 UTC 2008


in yet another attempt to fool the world into thinking that the BIND Company
aren't a bunch of nazis marching shoulder to shoulder, i'm going to pick this
as my moment to argue with another BIND Company employee about a technical
detail.

> 	This is just the result of basic DNS management practices not being
> 	followed.
> ...
> 	In all cases old servers should be deconfigured.

i am aware of many "stealth slave" relationships, for example, all of the
root name servers are authoritative for root-servers.net even though only
four of them are listed in its NS RRset.  the goal in these relationships
is to be able to include A RR glue in additional data sections with TTL's
that are not ticking down, and to have none of the A RRs referred to by
the authority section be missing in the additional data section (other than
for the reason of there not being enough room for all of them.)

the difference between a zone which was never deconfigured from an authority,
and a server deliberately having a "stealth slave" zone, is one of intent,
which cannot be detected on the wire.  there is no correctness issue here,
and no way to apply the normal referents of the word "should" (as above).
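
Added example, not part of the original post or of any BIND code: a Python sketch of what an observer can measure about the relationship described above, namely whether a server sets the AA bit for a zone and whether it appears in the NS RRset it returns. All function names are hypothetical, and `make_ns_response` only builds constructed sample replies so the parser can run offline.

```python
import struct

def encode_name(name):                        # uncompressed DNS labels
    labels = [lab.encode("ascii") for lab in name.split(".") if lab]
    return b"".join(bytes([len(lab)]) + lab for lab in labels) + b"\x00"

def read_name(msg, off):
    """Decode the name at off, following compression pointers; return (name, next offset)."""
    labels, end = [], None
    for _ in range(128):                      # bounds labels and pointer hops
        n = msg[off]
        if n & 0xC0 == 0xC0:                  # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:
            return ".".join(labels).lower() + ".", (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n
    raise ValueError("name too long or compression pointer loop")

def make_ns_response(zone, aa, ns_names):     # constructed sample reply to an NS query
    flags = 0x8000 | (0x0400 if aa else 0)    # QR=1, AA as requested
    msg = struct.pack("!6H", 0x1234, flags, 1, len(ns_names), 0, 0)
    msg += encode_name(zone) + struct.pack("!2H", 2, 1)    # question: NS, IN
    for ns in ns_names:
        rdata = encode_name(ns)
        msg += b"\xc0\x0c" + struct.pack("!2HIH", 2, 1, 3600, len(rdata)) + rdata
    return msg

def parse_ns_response(msg):
    """Return (AA bit, set of NS targets in the answer section)."""
    _, flags, qd, an, _, _ = struct.unpack("!6H", msg[:12])
    off, ns = 12, set()
    for _ in range(qd):                       # skip the question section
        off = read_name(msg, off)[1] + 4
    for _ in range(an):
        off = read_name(msg, off)[1]
        rtype, _, _, rdlen = struct.unpack("!2HIH", msg[off:off + 10])
        if rtype == 2:                        # NS
            ns.add(read_name(msg, off + 10)[0])
        off += 10 + rdlen
    return bool(flags & 0x0400), ns

def classify(server, msg):                    # AA bit vs. presence in the NS RRset
    aa, ns = parse_ns_response(msg)
    if not aa:
        return "not authoritative"
    listed = server.lower().rstrip(".") + "." in ns
    return "listed authority" if listed else "unlisted authority"
```

A server classified as "unlisted authority" may be a deliberate stealth slave or a zone that was never deconfigured; the reply bytes are identical in both cases, so the classifier cannot go further than that label.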


