[dns-operations] Reporting glue as authoritive data -- Bug!
Ed.Lewis at neustar.biz
Tue Jan 29 21:30:30 UTC 2008
At 7:57 +1100 1/30/08, Mark Andrews wrote:
> The world runs without it. There are lots of zones including
> TLD's that cope.
I was talking on the side with someone wondering why, if this is/was
a real problem, why don't all TLDs see this? That's a good question.
My response was that in the case in which I experienced the problem
it may have been a combination of factors somewhat unique to the TLD
(it being ARPA). In other cases it might be manifested in the way
the registry to DNS interface is constructed.
> I think it is time to name the resolver(s) if you really
> want to try to ram through this bad engineering decision.
> If a resolver don't follow glue it is broken and there are
> lots of places where it will fail to resolve names.
I'm uncomfortable naming names on a public mailing list, I think it
is irresponsible to place public reports of problems in the court of
public opinion. I think it leads to mob justice and bully behavior.
That is why I refrain from naming the resolvers.
I take offense to your language regarding "ram through this bad
engineering decision." This thread began with a report that there
might be a bug in what Ultra was doing. I filled in the history to
explain that the response was valid and then went on to why it is
sent. I have also been justifying the decisions made back then that
lead to where we are. I mentioned that I "thought" it was Ultra
matching Atlas in action, it turns out the Ultra engineers
consciously added this response because of a problem on the
production network (may be before we acquired them for all I know
Personally I have had experience with the mistakes of BIND 4 and BIND
8 in this manner. I had to spend quite a bit of time researching it,
the problem is real. Yes, BIND 9 has corrected that but as an
operator I have had to deal with legacy code that was still broken.
I'm not calling BIND to fix anything.
Documenting these responses would be the responsible thing to do. No
one has taken this on. I don't see the harm in legitimizing them,
whatever that means. Perhaps once we rid the network of broken
resolvers we don't need to see these responses. But since when has
the Internet relied on an attitude that every one has to march to the
same beat? Whatever happened to "be liberal in what you accept?"
> I fail to see how you need to be bug for bug compatible
> with a resolver.
What I had in mind was authoritative servers that are built
bug-for-bug compatible on purpose. As far as resolvers, I wouldn't
know. But I do know that one resolver code strain begets another
because we have weak specifications.
Edward Lewis +1-571-434-5468
Think glocally. Act confused.
More information about the dns-operations