[dns-operations] Reporting glue as authoritive data -- Bug!

Edward Lewis Ed.Lewis at neustar.biz
Wed Jan 30 14:10:37 UTC 2008 

At 9:47 +1100 1/30/08, Mark Andrews wrote:

>	Diversity in answers is bad for the resolver as they have
>	to deal with all the undocumented crud that gets sent at
>	them.

Putting the cart before the horse, I don't think anyone has said that 
diversity in answers is a desired state.  The fact is that it 
happens.  The fact that DNS can deal with it is one of its strengths.

>
>	We already have to have a workaround to deal with this
>	"referral in answer".  Yes, BIND 8 produced this crud
>	as well.

The point that seems to be getting lost is not that hybrid answers 
are produced but that there are resolvers that need it.  I received a 
bit more detail on our (Ultra's) experience.  The behavior as it is 
now dates back to last century, a few years ago a fix was put in 
place.  The result was the production network got hammered due to a 
resolver bug, so it was backed out.  The problem today is that we 
have been unable to verify that adding the fix back in wouldn't 
repeat the situation.

Nevertheless, I think it is worth documenting this message.  Right 
now I don't have the time, I want to knock out AXFR first.  Is there 
a problem documenting current, observed, in existence operational 
behavior?

>; <<>> DiG 9.3.4-P1 <<>> ns uu.net +norec @a.gtld-servers.net
>; (2 servers found)
>;; global options:  printcmd
>;; Got answer:
>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30839
>;; flags: qr; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 4
>
>;; QUESTION SECTION:
>;uu.net.				IN	NS
>
>;; ANSWER SECTION:
>uu.net.			172800	IN	NS	auth00.ns.uu.net.
>uu.net.			172800	IN	NS	auth200.ns.uu.net.
>uu.net.			172800	IN	NS	auth210.ns.uu.net.
>uu.net.			172800	IN	NS	auth60.ns.uu.net.
>
>;; ADDITIONAL SECTION:
>auth00.ns.uu.net.	172800	IN	A	198.6.1.65
>auth200.ns.uu.net.	172800	IN	A	195.129.12.82
>auth210.ns.uu.net.	172800	IN	A	195.129.12.74
>auth60.ns.uu.net.	172800	IN	A	198.6.1.181
>
>;; Query time: 283 msec
>;; SERVER: 2001:503:a83e::2:30#53(2001:503:a83e::2:30)
>;; WHEN: Wed Jan 30 09:37:03 2008
>;; MSG SIZE  rcvd: 177
>
>	I'm sure if I look hard enough I'll find a glue in answer
>	without glue in additional as well.

What are you looking for?
-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis                                                +1-571-434-5468
NeuStar

Think glocally.  Act confused.

More information about the dns-operations mailing list