[dns-operations] Reporting glue as authoritive data -- Bug!
Mark_Andrews at isc.org
Sat Jan 26 00:18:13 UTC 2008
> On 25-Jan-2008, at 11:39, Edward Lewis wrote:
> >> No matter what the DNS outputs, if the glue is not updated
> >> correctly we will have problems. That's the rool of the evil. The
> >> secondary effect is 'it's a matter of how troubleshootable it is.'
> >> If the glue is completely out of whack it'll be obvious. When the
> >> glue is partly out of whack (like one address still works and the
> >> other doesn't) it takes an experienced hand to tell what's going on
> >> with the current set of tools and documentation.
> Out-of-date glue is going to cause headaches, no question.
> However, there's a difference between the problem being simply a lame
> delegation at one of several available nameservers (which might well
> have no observable impact) and the problem manifesting itself as a
> random distribution of cached A records which looks like a cache
> expiry problem, but isn't.
> I don't know that there's an answer to this, but at least I got to
> share my pain :-)
Follow the requirements of RFC 1034 and have the registry
check that the glue matches the zone contents then perform
whatever proceedure they have to inform the registrant. If
that means going through the a registrar then so be it.
Yes that means you have to set up proceedures to do this.
Yes you may get the odd complaint.
Yes you will get the odd "thank you".
Yes the DNS will work better for *everyone* if you do this.
> For anybody who was mystified by my use of "NUS" before, incidentally,
> it's "Neustar Ultra Services" -- the name of the group within Neustar
> that provides the services that most people still think of as
> dns-operations mailing list
> dns-operations at lists.oarci.net
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the dns-operations