[dns-operations] Cname errors?

Andrew Boling aboling at gmail.com
Tue Sep 29 02:34:13 UTC 2015


Pardon - I'm tired and I misread that as a log message from an
authoritative server. Your log messages are an indicator of the behavior I
was mentioning.

A quick glance through the BIND ARM doesn't yield any results on disabling
the nameserver skipping behavior. Even if you were to instruct your server
to relax this policy, it wouldn't stop the rest of the internet from
rejecting those nameservers when the glue expires. The operators need to
fix the zone.

On Mon, Sep 28, 2015 at 10:20 PM, Andrew Boling <aboling at gmail.com> wrote:

> It's a really bad idea to turn off this warning. It's there for a reason.
>
> The original RFCs strongly discourage pointing NS records at aliases (RFC
> 2181 goes on to forbid it), and I'm pretty sure I've seen BIND recursors
> drop domains with this configuration after a NS record refresh. (glue
> expiration, explicit NS query, etc.)
>
> On Mon, Sep 28, 2015 at 9:42 PM, Lyle Giese <lyle at lcrcomputer.net> wrote:
>
>> A couple of weeks ago concurrent with a new release from ISC(I am running
>> 9.9.7-P3 right now), I started seeing these and just have not taken the
>> time to follow up here.
>>
>> I understand the log entry and am not going bonkers about the extra log
>> entries, but concerned if this becomes a performance or lookup issue, can I
>> turn off this behavior?
>>
>> I know the proper answer is for the other guys to stop doing stupid
>> stuff. But unfortunately that is not always a good answer for management
>> for when they can not get to their favorite website because of this issue.
>>
>> Lyle Giese
>> LCR Computer Services, Inc.
>>
>> Sep 27 01:39:48 linux1 named[3497]: skipping nameserver '
>> router-adm.utcb.ro' because it is a CNAME, while resolving
>> '169.156.38.89.in-addr.arpa/PTR'
>> Sep 27 01:39:48 linux1 named[3497]: skipping nameserver '
>> router-civile.utcb.ro' because it is a CNAME, while resolving
>> '169.156.38.89.in-addr.arpa/PTR'
>> Sep 27 01:39:49 linux1 named[3497]: skipping nameserver '
>> router-adm.utcb.ro' because it is a CNAME, while resolving
>> '169.156.38.89.in-addr.arpa/PTR'
>> Sep 27 01:39:49 linux1 named[3497]: skipping nameserver '
>> router-civile.utcb.ro' because it is a CNAME, while resolving
>> '169.156.38.89.in-addr.arpa/PTR'
>> _______________________________________________
>> dns-operations mailing list
>> dns-operations at lists.dns-oarc.net
>> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>> dns-jobs mailing list
>> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20150928/5f21cc4c/attachment.html>


More information about the dns-operations mailing list