IP addresses in NS records seem to be breaking hostname resolution

Cricket Liu cricket at menandmice.com
Thu Jul 18 00:33:14 UTC 2002


> > 3- refused by named at startup on the server with the bad NS records.
>
> On the master server, you mean. How does the master know that a given NS
> record is "bad" or not? Are you suggesting that it go out and do an A record
> query for *every* name it sees in an NS record RDATA? Why limit it to NS
> records? Shouldn't it be doing the same for MX records? CNAMEs? PTRs? SRVs?
> This is going to add a lot of overhead and time to the zone-loading process.
> Or do we just pick on NS records because they are "special"?
>
> And what if an NS record is valid at time of load, but someone subsequently
> deletes the A record, so it goes from being valid to being invalid? Are you
> going to periodically check *all* names referred to by NS records? If you're
> not willing to do that, then you have a situation where the existence of a
> given NS record may depend on how often or how recently the zone containing
> it was reloaded. Moreover, if you're going to be deleting an NS record from
> the master server, then according to the rules, the zone itself has changed
> (because the master is the origin of the zone data), and you need to
> increment the serial number, replicate to slaves, etc.

To cite another example, I know administrators who manage the external views
of their zones on internal name servers and have those zones transferred to
their external name servers.  Depending on their resolution architectures, the
domain names in the RDATA of their NS records might not be resolvable on the
internal name server at all.  Shouldn't it still be able to load the zone?

If we check intrazone NS records by looking up their A RRs before loading a
zone, and all of the name servers authoritative for the zone have domain names
in the zone, how does the first one start?

cricket

Men & Mice
DNS Software, Training and Consulting
www.menandmice.com

Attend our next DNS and BIND class!  See
http://www.menandmice.com/DNS-training/
for the schedule and to register for upcoming classes
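
An offline lint that respects the constraints raised in this message, as an added example that is not part of the original post or of BIND: it uses only the zone's own data, so it flags IP literals in NS RDATA and in-zone NS targets that have no address record, and it reports out-of-zone targets as unverified instead of rejecting them. The zone `example.com.`, the record tuples and the function names are constructed for illustration, and all names are assumed to be fully qualified.

```python
import ipaddress

# Constructed sample data: (owner, type, rdata) for a hypothetical zone.
ZONE_ORIGIN = "example.com."
RECORDS = [
    ("example.com.", "NS", "ns1.example.com."),
    ("example.com.", "NS", "ns2.example.com."),         # in zone, no A/AAAA
    ("example.com.", "NS", "192.0.2.53"),               # IP address as NS RDATA
    ("example.com.", "NS", "ns.provider.example.net."), # outside this zone
    ("ns1.example.com.", "A", "192.0.2.1"),
]

def is_ip_literal(rdata):
    """True if the NS RDATA is an IPv4/IPv6 address rather than a host name."""
    try:
        ipaddress.ip_address(rdata.rstrip("."))
        return True
    except ValueError:
        return False

def check_ns_targets(origin, records):
    """Classify every NS target without sending a single DNS query.

    ok                      in-zone target with an A/AAAA record in the zone data
    in-zone-no-address      in-zone target the zone itself cannot answer for
    ip-literal              NS RDATA is a domain-name field; an address is never valid
    out-of-zone-unverified  cannot be judged from zone data alone, so not an error
    """
    origin = origin.lower()
    have_addr = {o.lower() for o, t, _ in records if t in ("A", "AAAA")}
    findings = []
    for owner, rtype, rdata in records:
        if rtype != "NS":
            continue
        target = rdata.lower()
        if is_ip_literal(target):
            status = "ip-literal"
        elif target == origin or target.endswith("." + origin):
            status = "ok" if target in have_addr else "in-zone-no-address"
        else:
            status = "out-of-zone-unverified"
        findings.append((owner, rdata, status))
    return findings

if __name__ == "__main__":
    for owner, rdata, status in check_ns_targets(ZONE_ORIGIN, RECORDS):
        print(f"{owner:<14} NS {rdata:<26} {status}")
```

Because the in-zone check reads the zone data rather than resolving names, it does not hit the bootstrap problem of a zone whose name servers all live inside it.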


