[dns-operations] recursive glueless handling by 220.127.116.11
calvin at orange-tree.alt.za
Wed Apr 15 14:54:59 UTC 2020
Ok, so we had a registrant with the following:
Classic glueless recursive mess-up.
I was seeing notable traffic on co.za Auth's from
trying to resolve the above two zones.
I'm assuming they're related to 18.104.22.168?
once the registrant updated the NS's for one zone, breaking the glueless
recursion, it went away.
(and yeah - maybe I'm throwing away another bug bounty).
On 15/04/2020 16:33, Dave Lawrence wrote:
> Calvin Browne writes:
>> does anyone here know how 22.214.171.124 handles recursive glueless situations?
> The Google folks are on the list and undoubtedly will answer, but I'm
> still curious about what even prompts the question.
> If it's actually missing glue -- NS records that are under the
> delegation point -- and the delegating NS RRset does not include any
> independent NSs, then the protocol itself doesn't have an intrinsic
> mechanism for forward progress. A resolver should SERVFAIL its
> client, perhaps with the "Code 22 - No Reachable Authority" extended
> error code.
> Are you seeing something that suggests Google DNS is making some
> additional effort to continue?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the dns-operations