[dns-operations] Surprising behaviour by certain authoritative name servers

Nico CARTRON nicolas at ncartron.org
Tue Jan 7 13:02:38 UTC 2020


Hi Niall,

On 07-Jan-2020 13:20 CET, <niall.oreilly at ucd.ie> wrote:

> Hi.
> 
> I've had my attention drawn to some surprising behaviour by
> certain authoritative name servers. I'm not sure how best
> to categorize this behaviour, and wonder how some of you
> might view it.
> 
> What's surprising is that an authoritative name server
> shows both a decremented TTL value (as if it were answering
> from cache) and the AA flag.
> 
> I'm not sure which of the following labels is the best fit
> for this behaviour:
> 
> - normal and expected (but so far outside my experience),
> - strange but harmless,
> - downright wrong.
> 
> Thanks in advance to whomever is minded to reply.

could it be dnsdist in front of an Authoritative,
with the `dontAge` setting of newPacketCache set to false?

> Thanks especially to Mats Dufberg who, diligently
> investigating what I had mistakenly guessed was a problem
> in zonemaster, took time to identify, and make me aware of,
> what was causing occasional trouble reports.
> 
> Niall

-- 
Nico



More information about the dns-operations mailing list