[dns-operations] Reporting glue as authoritative data -- Bug!
Mark_Andrews at isc.org
Wed Jan 30 21:56:52 UTC 2008
> At 9:47 +1100 1/30/08, Mark Andrews wrote:
> > Diversity in answers is bad for the resolver as they have
> > to deal with all the undocumented crud that gets sent at
> > them.
> Putting the cart before the horse, I don't think anyone has said that
> diversity in answers is a desired state. The fact is that it
> happens. The fact that DNS can deal with it is one of its strengths.
> > We already have to have a workaround to deal with this
> > "referral in answer". Yes, BIND 8 produced this crud
> > as well.
> The point that seems to be getting lost is not that hybrid answers
> are produced but that there are resolvers that need it.
What resolvers need it? An ordinary iterative lookup can't
depend on the answer being there.
> I received a
> bit more detail on our (Ultra's) experience. The behavior as it is
> now dates back to last century; a few years ago a fix was put in
> place. The result was the production network got hammered due to a
> resolver bug, so it was backed out. The problem today is that we
> have been unable to verify that adding the fix back in wouldn't
> repeat the situation.
The problem is that no one has documented what actually
happened and most importantly *why* it happened. We don't
know if there is a hole in the protocol or not.
If there is sibling glue should and there is a
request for an address that is glue should that be added to
the additional section?
> Nevertheless, I think it is worth documenting this message. Right
> now I don't have the time, I want to knock out AXFR first. Is there
> a problem documenting current, observed, in existence operational
> >; <<>> DiG 9.3.4-P1 <<>> ns uu.net +norec @a.gtld-servers.net
> >; (2 servers found)
> >;; global options: printcmd
> >;; Got answer:
> >;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30839
> >;; flags: qr; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 4
> >;; QUESTION SECTION:
> >;uu.net. IN NS
> >;; ANSWER SECTION:
> >uu.net. 172800 IN NS auth00.ns.uu.net.
> >uu.net. 172800 IN NS auth200.ns.uu.net.
> >uu.net. 172800 IN NS auth210.ns.uu.net.
> >uu.net. 172800 IN NS auth60.ns.uu.net.
> >;; ADDITIONAL SECTION:
> >auth00.ns.uu.net. 172800 IN A 22.214.171.124
> >auth200.ns.uu.net. 172800 IN A 126.96.36.199
> >auth210.ns.uu.net. 172800 IN A 188.8.131.52
> >auth60.ns.uu.net. 172800 IN A 184.108.40.206
> >;; Query time: 283 msec
> >;; SERVER: 2001:503:a83e::2:30#53(2001:503:a83e::2:30)
> >;; WHEN: Wed Jan 30 09:37:03 2008
> >;; MSG SIZE rcvd: 177
> > I'm sure if I look hard enough I'll find a glue in answer
> > without glue in additional as well.
> What are you looking for?
> Edward Lewis +1-571-434-5468
> Think glocally. Act confused.
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
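
An added illustration, not part of the original message or any code from this thread: the sketch below parses dig text output of the kind quoted above and labels a non-authoritative response that carries the zone's NS set in the ANSWER section (the "referral in answer" under discussion), listing in-zone NS targets that arrived without glue in the additional section. The sample response is constructed with placeholder names and addresses, and the labels returned are this example's own.

```python
import re

# Constructed sample modelled on the dig output quoted above; names and
# addresses are placeholders (example.net, 192.0.2.0/24), not real data.
SAMPLE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
;; flags: qr; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;example.net. IN NS
;; ANSWER SECTION:
example.net. 172800 IN NS ns1.example.net.
example.net. 172800 IN NS ns2.example.net.
;; ADDITIONAL SECTION:
ns1.example.net. 172800 IN A 192.0.2.1
"""

def parse_dig(text):
    """Return (flags, question, sections) from dig's text output."""
    flags, question, sections, cur = set(), None, {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r";; flags:([^;]*);", line)
        if m:
            flags = set(m.group(1).split())
        elif (m := re.match(r";; (\w+) SECTION:", line)):
            cur = m.group(1)
            sections[cur] = []
        elif cur == "QUESTION" and line.startswith(";") and not line.startswith(";;"):
            name, _cls, qtype = line[1:].split()
            question = (name.lower(), qtype)
        elif cur and line and not line.startswith(";"):
            name, _ttl, _cls, rtype, rdata = line.split(None, 4)
            sections[cur].append((name.lower(), rtype, rdata.lower()))
    return flags, question, sections

def classify(text):
    """Label the response; also list in-zone NS targets sent without glue."""
    flags, question, sec = parse_dig(text)
    ans, auth, add = (sec.get(k, []) for k in ("ANSWER", "AUTHORITY", "ADDITIONAL"))
    if "aa" in flags:
        return "authoritative", []
    ns = [r for r in ans + auth if r[1] == "NS"]
    glued = {n for n, t, _ in add if t in ("A", "AAAA")}
    # Only targets below the delegated name need glue to be reachable.
    missing = sorted(d for o, _, d in ns if d.endswith("." + o) and d not in glued)
    if question and any(r[1] == "NS" and r[0] == question[0] for r in ans):
        return "referral-in-answer", missing
    if not ans and ns:
        return "referral", missing
    return "other", missing
```

Strip any `> ` quoting prefixes before feeding archived mail text to `classify`.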