[dns-operations] Reporting glue as authoritative data -- Bug!

Lutz Donnerhacke lutz at iks-jena.de
Thu Jan 31 08:48:52 UTC 2008

* Edward Lewis wrote:
> Why don't servers running BIND 9 seem to have this problem?

Because the "hybrid answers" are not needed by the resolvers out there.
There might have been a problem in the past, but it's gone.

> Until last week, no one seemed to notice
> the hybrids for about 2 years (judging from how far back I had to go 
> to find my old mail on it) so no one has thought about cleaning them 
> up.

Most people do not sue the TLD for their problems, but their local
infrastructure or their ISP first.

In the current case the problem was escalated to the registrar of the domain
by an advanced user. Unfortunately you will not notice this bug report; the
user sued the bind9-registry about "the missing A in ANSWER". So despite
being clearly professional in DNS, he took the wrong route.

I did the same several months ago, while observing that changing glue does
not trigger a DNSSEC-signature action. I was puzzled and discussed this
"problem" even with the user above. That's why I heard of his problem now.

After this discussion, I'm sure that ATLAS and Ultra give wrong answers and
should plan to phase this erroneous behaviour out.

