[dns-operations] Reporting glue as authoritative data -- Bug!
Frederico A C Neves
fneves at registro.br
Mon Jan 28 13:32:31 UTC 2008
On Sat, Jan 26, 2008 at 11:18:13AM +1100, Mark Andrews wrote:
> > On 25-Jan-2008, at 11:39, Edward Lewis wrote:
> > >> No matter what the DNS outputs, if the glue is not updated
> > >> correctly we will have problems. That's the root of the evil. The
> > >> secondary effect is 'it's a matter of how troubleshootable it is.'
> > >> If the glue is completely out of whack it'll be obvious. When the
> > >> glue is partly out of whack (like one address still works and the
> > >> other doesn't) it takes an experienced hand to tell what's going on
> > >> with the current set of tools and documentation.
> > Out-of-date glue is going to cause headaches, no question.
> > However, there's a difference between the problem being simply a lame
> > delegation at one of several available nameservers (which might well
> > have no observable impact) and the problem manifesting itself as a
> > random distribution of cached A records which looks like a cache
> > expiry problem, but isn't.
> > I don't know that there's an answer to this, but at least I got to
> > share my pain :-)
> Follow the requirements of RFC 1034 and have the registry
> check that the glue matches the zone contents then perform
> whatever procedure they have to inform the registrant. If
> that means going through a registrar then so be it.
> Yes that means you have to set up procedures to do this.
> Yes you may get the odd complaint.
> Yes you will get the odd "thank you".
> Yes the DNS will work better for *everyone* if you do this.
You are undoubtedly right. We have been doing this for a decade and
the benefits are much larger than the costs.
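
The check discussed in this thread (glue held by the parent compared against the child zone's own address records) can be sketched offline as below. This is an added example, not part of any poster's message or any registry's tooling; the zone names, addresses and status labels are constructed for illustration.

```python
# Added example: offline glue-vs-zone consistency check (all data constructed).
import ipaddress
from collections import defaultdict

# Constructed sample: delegation records as held by the parent (registry) zone.
PARENT = """
example.test.      86400 IN NS   ns1.example.test.
example.test.      86400 IN NS   ns2.example.test.
ns1.example.test.  86400 IN A    192.0.2.1
ns2.example.test.  86400 IN A    192.0.2.53
ns2.example.test.  86400 IN AAAA 2001:db8::53
"""

# Constructed sample: authoritative records served by the child zone itself.
CHILD = """
example.test.      3600 IN NS   ns1.example.test.
example.test.      3600 IN NS   ns2.example.test.
ns1.example.test.  3600 IN A    192.0.2.1
ns2.example.test.  3600 IN A    198.51.100.53
ns2.example.test.  3600 IN AAAA 2001:db8::53
"""

def addresses(zone_text):
    """Map lower-cased owner name -> set of A/AAAA addresses."""
    out = defaultdict(set)
    for line in zone_text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[3] in ("A", "AAAA"):
            # ip_address() normalises IPv6 so textual variants compare equal
            out[fields[0].lower()].add(ipaddress.ip_address(fields[4]))
    return out

def check_glue(parent_text, child_text):
    """Return {nameserver: (status, stale_glue, missing_from_glue)}."""
    glue, auth = addresses(parent_text), addresses(child_text)
    report = {}
    for ns, glue_addrs in sorted(glue.items()):
        stale = glue_addrs - auth.get(ns, set())    # in glue, not in zone
        missing = auth.get(ns, set()) - glue_addrs  # in zone, not in glue
        if not stale and not missing:
            status = "ok"
        elif stale == glue_addrs:
            status = "all-stale"         # every glue address is wrong
        else:
            status = "partial-mismatch"  # some glue still matches, or is incomplete
        report[ns] = (status, sorted(map(str, stale)), sorted(map(str, missing)))
    return report

if __name__ == "__main__":
    for ns, (status, stale, missing) in check_glue(PARENT, CHILD).items():
        print(f"{ns:20} {status:17} stale={stale} missing={missing}")
```

The `partial-mismatch` result for `ns2.example.test.` is the case described above as hard to diagnose: one glue address still matches the zone while the other does not.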