[dns-operations] Root operators.. issues coming from 64.97.246.0/24

Florian Weimer fw at deneb.enyo.de
Sun Jun 27 20:48:54 UTC 2010


* Jake Zack:

> I can't find a consistent condition amongst all of the domains below
> to attribute this activity to...

Those I could check are referenced in NS records for a zone delegated
from .CA (either their own zone, or some other zone), but you do not
provide glue for it.  In addition, there are weird dependency loops
which are hard to describe in writing.

These repeated queries could be the result of running the algorithm in
section 5.3.3 of RFC 1034 verbatim.  If you interpret "better
delegation" in step 4b to include authority information from an
authority server, caching that data could reduce your SLIST to empty
(possibly only after TTL expiry).  Then the .CA servers are the best
servers to ask for the affected QNAMEs, and due to the dependency loop
in the data, the resolver cannot recover from that situation.  If
there isn't some form of lameness cache, the resolver will trigger an
upstream query for every downstream or internal query for the affected
name.

This is mainly a quality-of-implementation issue in the resolver, but it's
triggered by publishing inconsistent DNS data.
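
Added example, not part of the original message: a small Python check that a zone operator could run over delegation data to find zones caught in the kind of glueless NS dependency loop described above. All zone and host names are constructed, and NS hosts outside the modelled delegations are assumed to be resolvable.

```python
# Constructed delegation data (hypothetical names): zone -> NS host names.
ZONES = {
    "a.example.ca": ["ns1.b.example.ca", "ns2.b.example.ca"],  # needs b
    "b.example.ca": ["ns1.a.example.ca"],                      # needs a: loop
    "c.example.ca": ["ns1.c.example.ca"],                      # in-zone NS, glue published
    "d.example.ca": ["ns.a.example.ca"],                       # depends on the looped zone
    "e.example.ca": ["ns1.hoster.example.net"],                # NS outside the model
}
GLUE = {"ns1.c.example.ca"}  # NS hosts with address records at the parent


def enclosing_zone(host, zones):
    """Return the longest modelled zone that contains host, or None."""
    labels = host.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None  # assumption: hosts outside the model are resolvable


def unreachable_zones(zones, glue):
    """Zones a cold-cache resolver cannot reach: every NS name lacks glue
    and lives in a zone that is itself unreachable."""
    reachable = set()
    changed = True
    while changed:  # grow the reachable set until it stops changing
        changed = False
        for zone, ns_names in zones.items():
            if zone in reachable:
                continue
            for ns in ns_names:
                parent = enclosing_zone(ns, zones)
                if ns in glue or parent is None or parent in reachable:
                    reachable.add(zone)
                    changed = True
                    break
    return sorted(set(zones) - reachable)


if __name__ == "__main__":
    for zone in unreachable_zones(ZONES, GLUE):
        print("no glue-free path to any name server:", zone)
```

Publishing glue for a single host in the loop (here `ns1.a.example.ca`) makes all three affected zones reachable.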
