[dns-operations] Reporting glue as authoritive data -- Bug!
Edward Lewis
Ed.Lewis at neustar.biz
Thu Jan 31 13:30:49 UTC 2008
At 11:34 +1100 1/31/08, Mark Andrews wrote:
> Or you could say that those zones were causing excessive work
> to be done by iterative resolvers and they aborted the queries
> to protect themselves. How many levels of indirection are
> reasonable before a resolver gives up.
My diagnosis was done in a controlled environment, running an empty
BIND 8 from scratch and watching it's behavior via tcpdump. The
problem was BIND's forgetting why it asked certain questions. As for
the storms, well, retries yes. But there was an algorithm bug that
caused it all.
You can guess at all sorts of reasons why the problem became a
problem. But when you wade through tcpdumps, you get pretty
convinced about what you see.
> 192.in-addr.arpa's delagation is reasably sane now. You would
> have to loose all of chia.arin.net, dill.arin.net,
> epazote.arin.net and figwort.arin.net to reach BIND 8's old
> limits.
The situation existed some time ago, not currently. What you are
seeing is the result of fixes taken to get around the problem.
Operators do like to get problems solved and move on.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis +1-571-434-5468
NeuStar
Think glocally. Act confused.
More information about the dns-operations
mailing list