[dns-operations] dynect.net outage

Ralf Weber dns at fl1ger.de
Mon May 30 06:47:13 UTC 2022


On 30 May 2022, at 8:34, Robert Edmonds wrote:
>> So how do you expect the domain to be resolved if all of your out
>> of bailiwick name server names no longer point to an IP address?
> By using the working nameservers with resolvable names specified in the
> delegation from the parent zone, which never changed in this particular
> case. This is what Unbound's resolution algorithm does if there are not
> too many nonexisting nameserver target names in the child's NS RRset,
> and what other resolver algorithms do.
So you mean the parent provided additional records (A/AAAA) when issuing
a referral? Otherwise I can not see how from an empty cache you can
resolve this domain if all of the name server names supplied are NXDOMAIN.

> There is more than one resolver implementation, and they differ in the
> results of resolving a zone with this type of misconfiguration, and none
> of them are the reference implementation of DNS. So just looking at a
> particular resolver algorithm returning SERVFAIL when encountering a
> particular data pattern starting from a cold cache cannot tell us
> whether the algorithm or the data is at fault.
I agree on this, however the difference in implementation are less
when it comes to resolving from a cold cache and all the explanations
given so far for me point to the domain being unresolvable for all
implementations from an empty cache.

So long
Ralf Weber

More information about the dns-operations mailing list