[dns-operations] Reporting glue as authoritive data -- Bug!
Mark_Andrews at isc.org
Thu Jan 31 22:16:17 UTC 2008
As far as I can see, there was a problem observed and
the nameservers were reverted and apart from trying to
identify the clients that's were the analysis stopped.
Glue is not the same as a cached answer as it not learnt
from the authoritative source in a automatic manner. It
also does not timeout. Returning glue as answers causes
problems for people when that glue is out of date and the
appears to be no process in place to ensure that glue gets
corrected in a timely manner.
It also causes problems to some DNSSEC validators.
Also there does not appear to have been any analysis done
to minimize the use of putting glue into the answer section.
In Ed's ARPA case it won't be needed if the record is in
the additional section ad BIND 4 and the BIND 8's which had
the very small limits would continue if they saw the record
in the additional section.
Just not putting the record in the answer section if it is
in the additional section would address a large amount of
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the dns-operations