[dns-operations] caches only resetting TTL? was Re: Where to find "DNS resolution path corruption"?
Mark_Andrews at isc.org
Tue Feb 26 22:57:26 UTC 2008
> in yet another attempt to fool the world into thinking that the BIND Company
> aren't a bunch of nazis marching shoulder to shoulder, i'm going to pick this
> as my moment to argue with another BIND Company employee about a technical
> > This is just the result basic DNS management practices not being
> > followed.
> > ...
> > In all cases old servers should be deconfigured.
> i am aware of many "stealth slave" relationships, for example, all of the
> root name servers are authoritative for root-servers.net even though only
> four of them are listed in its NS RRset. the goal in these relationships
> is to be able to include A RR glue in additional data sections with TTL's
> that are not ticking down, and to have none of the A RRs referred to by
> the authority section be missing in the additional data section (other than
> for the reason of there not being enough room for all of them.)
> the difference between a zone which was never deconfigured from an authority,
> and a server deliberately having a "stealth slave" zone, is one of intent,
> which cannot be detected on the wire. there is no correctness issue here,
> and no way to apply the normal referents of the word "should" (as above).
The stealth slave server serves the *same* zone content at
the authoritative servers, sans transmission delays.
The problem that triggered this discussion is that people
leave servers running that serve *different* (old) zone
data. You will note that the old server will become a
stealth slave server once the TTL's expire. It will also
expire the zone if one it's master goes away assuming there
are no loops in the zone transfer graph.
The steps in the description of how to manage changes in
nameservers, if followed, don't leave you with servers
serving differnet zone content. If they just turn the old
master into a slave all the servers will have the current
zone content and there would be no problems except the
effective expire interval will increase as the maximum
transfer path length has increased.
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the dns-operations