[dns-operations] Reporting glue as authoritive data -- Bug!
Edward Lewis
Ed.Lewis at neustar.biz
Fri Jan 25 16:39:58 UTC 2008
At 11:15 -0500 1/25/08, Joe Abley wrote:
>On 25-Jan-2008, at 10:47, Joe Abley wrote:
He's talking to himself again.
> - nameserver was renumbered by end user, but glue record was not updated
The IETF - cool protocols that are impossible to operate - since 1986.
Choice:
We realize it might just be an out of whack glue problem when this happens.
We invent new records in DNS (DEL-NS and DEL-A/DEL-AAAA) to end the parent
child madness of copying things.
We beef up resolvers to really understand RFC 2181's trustworthiness.
We outlaw or define hybrid answers and document them clearly.
and there's always Joe's approach:
> - everybody involved runs outside and lies down in front of the first bus
> they can find, hoping that peace will come swiftly
No matter what the DNS outputs, if the glue is not updated correctly
we will have problems. That's the rool of the evil. The secondary
effect is 'it's a matter of how troubleshootable it is.' If the glue
is completely out of whack it'll be obvious. When the glue is partly
out of whack (like one address still works and the other doesn't) it
takes an experienced hand to tell what's going on with the current
set of tools and documentation.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis +1-571-434-5468
NeuStar
Think glocally. Act confused.
More information about the dns-operations
mailing list