[dns-operations] Trouble resolving .by TLD due to circular dependency?

John Levine johnl at taugh.com
Tue Jan 11 18:31:19 UTC 2022


It appears that Sascha E. Pollok via dns-operations <sp at iphh.net> said:
>-=-=-=-=-=-
>
>Hello nice people,
>
>for a few days I have worked on an issue we see with our Bind resolvers of different 
>versions regarding resolving addresses under .by. I assume it is not Bind's fault at all 
>but the result of a circular dependency in .by after a change of the Auth NS beginning of 
>January but let me explain what I see. ...

You are correct, they have a NS dependency loop that will cause all sorts of problems.  As
you note the results can be very inconsistent depending on the TTL of the glue records and
how different DNS software handles the expiring glue.

>by.                     130511  IN      NS      dns1.tld.becloudby.com.

>becloudby.com.          172800  IN      NS      u1.hoster.by.
>becloudby.com.          172800  IN      NS      u2.hoster.by.

>Does this analysis seem correct and are there maybe any .BY ccTLD people on this list to 
>take a look at this? I have worked on this together with Anand Buddhdev so I want to thank 
>him for working with me. Always a pleasure.

The solution, of course, is "don't do that."  A simple fix would be to move the NS
for becloudby.com to a name under .com.

R's,
John



More information about the dns-operations mailing list