IP addresses in NS records seem to be breaking hostname resolution
David Botham
dns at botham.net
Wed Jul 17 19:24:20 UTC 2002
> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
> Behalf Of Chris Davis
> Sent: Wednesday, July 17, 2002 1:10 PM
> To: bind-users at isc.org
> Subject: RE: IP addresses in NS records seem to be breaking hostname
> resolution
>
>
> Thank you, David. Hopefully the phone call from an objective third party
> will get them motivated!
>
> Unfortunately, when I've e-mailed them, and when my "technical liaison" and I
> have spoken with them on the phone, we have had no luck. Since
> nslookup/dig/host tells them their host records resolve fine, the problem is
> mine from their point of view.
Well, in the spirit of going above and beyond, I gave Jimmy at the ISP a
call. He said he has just realized his mistake and is going to fix
it...
>
> That's why I'm looking for something I can do on my side, without boogering
> up my configuration, to have the bad NS records rejected or at least dumped
> from the cache after failure.
I do not know of anything in BIND to do this.
>
> Hosting my own pacetech-inc.com zone file, though a possibility, opens a
> door to headaches that I don't care to open. As time marched on and I ran
> across more companies with misconfigured NS records, I'd accumulate more
> than a few zone files for zones that are not mine.
Yeah, I agree, hosting zones that do not belong to you is probably a bad
idea for a lot of reasons.
>
> So, my question is still out there. Is there any way to reject or dump the
> bad NS records that contain IP addresses rather than hostnames?
I do not know of any.
>
> Of 6,667 NS records in my resolver's cache yesterday, 15 had I.P. addresses
> rather than hostnames. I'd imagine everyone's dns caches look about like
> that everywhere percentage wise, statistically speaking.
>
> 15 of 6,667 being wrong is only two tenths of one percent, which isn't much,
> but this 2/10 of 1% of failed lookups could be solved if there were a way to
> dump or reject the bad NS records and use the correct NS records provided by
> the GTLD servers.
Yes, it would. However, I am sure (read guessing) there is something in
an RFC that says that can't happen.
>
> These dns failures are exacerbated with multiple failed attempts to send
> mail, and then support calls and research about lost mail, and now this
> discussion thread involving all of you!
>
> It's not my misconfiguration, and it's been very difficult (read
> "impossible") to convince the other guy it's his misconfiguration because
> everything resolves fine at first glance. It's caused me some headaches.
> I'd like some legitimate defense against it.
Sometimes the best thing to do is contact the person who is paying for
the domain (check whois). They have a vested interest in it working
correctly and can sometimes put the right kind of pressure on the
providers to straighten out their acts. I think that after my call this
morning, the owner of the domain in question here called Jimmy at the
ISP. I think that is why Jimmy told me that he "just realized" the
problem and would be fixing it...
>
> My bet is that everyone everywhere is experiencing a "not insignificant"
> amount of failures due to this type of problem.
>
> Would a new bind feature to dump or reject invalid NS records be in order?
I would vote yes, if it was RFC compliant.
> Or is there in fact a way to do this already?
Not that I know of. However, be patient, others (more knowledgeable
than I) will more than likely catch this thread and respond to your
questions with more definite answers...
>
> Chris Davis
> Site Engineer
> ComputerJobs.com
>
> -----Original Message-----
> From: David Botham [mailto:dns at botham.net]
> Sent: Wednesday, July 17, 2002 12:08 PM
> To: bind-users at isc.org
> Subject: RE: IP addresses in NS records seem to be breaking hostname
> resolution
>
>
>
>
> As a follow up, I forwarded this thread to both the soa responsible
> email and whois responsible email. And as an extra bonus, I called the
> whois admin contact on the phone. He was happy to hear from me and said
> he would call his ISP and light a fire under...
>
> Dave...
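
Added example (not part of the original thread and not BIND code): one way to audit a resolver cache for the NS records discussed above, whose target is an IP address instead of a hostname. It assumes the cache has been dumped to master-file style text; the sample dump is constructed, and the names scan_ns_records and is_ip_literal are hypothetical.

```python
import ipaddress

# Constructed sample in master-file style, as a cache dump might show it.
# All names and addresses are made up (RFC 2606 / RFC 5737 ranges).
SAMPLE_DUMP = """\
; constructed sample, not real cache contents
$DATE 20020717000000
example.com.\t\t86400\tIN NS\tns1.example.net.
\t\t\t86400\tIN NS\tns2.example.net.
broken.example.\t\t3600\tIN NS\t192.0.2.53.
\t\t\t3600\tIN NS\t192.0.2.54.
ns1.example.net.\t86400\tIN A\t198.51.100.10
numeric.example.\t7200\tNS\t1234.example.org.
"""

CLASSES = {"IN", "CH", "HS"}

def is_ip_literal(target):
    """True if an NS target is an IP address written where a name belongs."""
    try:
        ipaddress.ip_address(target.rstrip("."))
        return True
    except ValueError:
        return False

def scan_ns_records(dump_text):
    """Return (total NS count, [(owner, target)] for IP-literal targets)."""
    total, bad, owner = 0, [], None
    for line in dump_text.splitlines():
        line = line.split(";", 1)[0].rstrip()   # drop comments
        if not line.strip() or line.startswith("$"):
            continue
        fields = line.split()
        # A line that starts with whitespace reuses the previous owner name.
        if not line[0].isspace():
            owner = fields.pop(0)
        if fields and fields[0].isdigit():
            fields.pop(0)                       # TTL
        if fields and fields[0].upper() in CLASSES:
            fields.pop(0)                       # optional class
        if len(fields) >= 2 and fields[0].upper() == "NS":
            total += 1
            if is_ip_literal(fields[1]):
                bad.append((owner, fields[1]))
    return total, bad

if __name__ == "__main__":
    total, bad = scan_ns_records(SAMPLE_DUMP)
    print(f"{len(bad)} of {total} NS records have IP-literal targets: {bad}")
```

The owner names it reports are the zones whose operators need to be contacted; it only identifies the records and does not remove them from the cache.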