[dns-operations] Reporting glue as authoritive data -- Bug!

Matt Pounsett matt.pounsett at cira.ca
Fri Jan 25 19:22:26 UTC 2008

Hash: SHA1

On 2008-Jan-25, at 10:02, Paul Vixie wrote:

>> I assume the DNS implementation on ultradns is buggy.
>> It respond the glue record in the answer section instead of the  
>> additional.
> this is what BIND8 did.  atlas also does it this way.  apparently  
> there are
> a lot of monitoring stations that complain when an RFC-complaint  
> response
> (which is a referral), and ultradns and verisign don't want the  
> complaints.
> i've also heard that a number of older recursive servers (among  
> them some
> older bind8 and bind4) will just mindlessly repeat the question if  
> they get
> a referral, which mindlessly increases overall query volume to the  
> TLD.
> BIND9 does what the RFC says, and TLDs who run BIND9 don't seem  
> bothered.

I can verify this.  We get a few complaints a week claiming "You're  
not providing glue for my domain!" because someone has used a broken  
DNS checker which insists on the glue being in the ANSWER section  
(dnsstuff used to do this.. not sure if they still do).  We just  
point out that if we weren't providing glue their domain wouldn't  
work, and most of the time they go away happy (even if they still  
don't understand).

Version: GnuPG v1.4.6 (Darwin)


More information about the dns-operations mailing list