[dns-operations] Reporting glue as authoritative data -- Bug!

Mark Andrews Mark_Andrews at isc.org
Wed Jan 30 21:56:52 UTC 2008


> At 9:47 +1100 1/30/08, Mark Andrews wrote:
> 
> >	Diversity in answers is bad for the resolver as they have
> >	to deal with all the undocumented crud that gets sent at
> >	them.
> 
> Putting the cart before the horse, I don't think anyone has said that 
> diversity in answers is a desired state.  The fact is that it 
> happens.  The fact that DNS can deal with it is one of its strengths.
> 
> >
> >	We already have to have a workaround to deal with this
> >	"referral in answer".  Yes, BIND 8 produced this crud
> >	as well.
> 
> The point that seems to be getting lost is not that hybrid answers 
> are produced but that there are resolvers that need it.

	What resolvers need it?  An ordinary iterative lookup can't
	depend on the answer being there.

>  I received a 
> bit more detail on our (Ultra's) experience.  The behavior as it is 
> now dates back to last century; a few years ago a fix was put in 
> place.  The result was the production network got hammered due to a 
> resolver bug, so it was backed out.  The problem today is that we 
> have been unable to verify that adding the fix back in wouldn't 
> repeat the situation.

	The problem is that no one has documented what actually
	happened and most importantly *why* it happened.  We don't
	know if there is a hole in the protocol or not.
 
	e.g. 
		If there is sibling glue and there is a request
	for an address that is glue, should that be added to
	the additional section?

> Nevertheless, I think it is worth documenting this message.  Right 
> now I don't have the time, I want to knock out AXFR first.  Is there 
> a problem documenting current, observed, in existence operational 
> behavior?
> 
> >; <<>> DiG 9.3.4-P1 <<>> ns uu.net +norec @a.gtld-servers.net
> >; (2 servers found)
> >;; global options:  printcmd
> >;; Got answer:
> >;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30839
> >;; flags: qr; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 4
> >
> >;; QUESTION SECTION:
> >;uu.net.				IN	NS
> >
> >;; ANSWER SECTION:
> >uu.net.			172800	IN	NS	auth00.ns.uu.net.
> >uu.net.			172800	IN	NS	auth200.ns.uu.net.
> >uu.net.			172800	IN	NS	auth210.ns.uu.net.
> >uu.net.			172800	IN	NS	auth60.ns.uu.net.
> >
> >;; ADDITIONAL SECTION:
> >auth00.ns.uu.net.	172800	IN	A	198.6.1.65
> >auth200.ns.uu.net.	172800	IN	A	195.129.12.82
> >auth210.ns.uu.net.	172800	IN	A	195.129.12.74
> >auth60.ns.uu.net.	172800	IN	A	198.6.1.181
> >
> >;; Query time: 283 msec
> >;; SERVER: 2001:503:a83e::2:30#53(2001:503:a83e::2:30)
> >;; WHEN: Wed Jan 30 09:37:03 2008
> >;; MSG SIZE  rcvd: 177
> >
> >	I'm sure if I look hard enough I'll find a glue in answer
> >	without glue in additional as well.
> 
> What are you looking for?
> -- 
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Edward Lewis                                                +1-571-434-5468
> NeuStar
> 
> Think glocally.  Act confused.
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
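
A check for the response shape discussed in this thread (NS records in the answer section of a reply that does not carry the AA flag), written as an added example and not code from the thread or from BIND. It parses dig text output and labels the response; the function names, the labels and the trimmed sample are constructed for illustration.

```python
import re

# Constructed sample: same flags and section layout as the dig output quoted
# in the message above, trimmed to two name servers.
SAMPLE = """\
;; flags: qr; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
;; QUESTION SECTION:
;uu.net.                  IN  NS
;; ANSWER SECTION:
uu.net.            172800 IN  NS  auth00.ns.uu.net.
uu.net.            172800 IN  NS  auth60.ns.uu.net.
;; ADDITIONAL SECTION:
auth00.ns.uu.net.  172800 IN  A   198.6.1.65
auth60.ns.uu.net.  172800 IN  A   198.6.1.181
"""

def parse_dig(text):
    """Return (flags, sections); sections maps name -> [(owner, type, rdata)]."""
    flags, sections, current = set(), {}, None
    for line in text.splitlines():
        m = re.match(r";; flags:([^;]*);", line)
        if m:
            flags = set(m.group(1).split())
        m = re.match(r";; (\w+) SECTION:", line)
        if m:
            current = m.group(1).lower()
            sections[current] = []
        elif line and not line.startswith(";") and current:
            f = line.split()
            if len(f) >= 5:  # owner ttl class type rdata
                sections[current].append((f[0].lower(), f[3], f[4].lower()))
    return flags, sections

def classify(text):
    """Label a response by where its NS records sit and whether AA is set."""
    flags, sec = parse_dig(text)
    answer = sec.get("answer", [])
    authority_ns = [r for r in sec.get("authority", []) if r[1] == "NS"]
    ns_targets = {r[2] for r in answer if r[1] == "NS"}
    if "aa" in flags:
        return "authoritative"
    if ns_targets and not authority_ns:
        glue = {r[0] for r in sec.get("additional", []) if r[1] in ("A", "AAAA")}
        return "referral-in-answer" if ns_targets <= glue else "referral-in-answer, glue missing"
    if authority_ns and not answer:
        return "referral"
    return "other"
```
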