Wrong glue records entered.
Steven Job
list3 at wwwcrazy.com
Mon Jan 17 23:22:34 UTC 2005
Are glue records supposed to be returned with the MX records?
The problem that we are having is that someone will create the following MX
records for their domain.
@ 10800 IN MX 40 smtp.secureserver.net.
But then some one else will create the domain "secureserver.net" in our system
and point the A record for "smtp" to another IP.
Now "secureserver.net" is not pointing to our name servers (at the root name
server level) so our servers should never be asked for it. But they are by
some resolvers and it is poisoning everything.
When I do a "dig" I do not get this problem at all (that the glue records are
being returned since the server is not responsible for that zone).
I have tested this with both bind (9.x) and dnscache and neither do this.
But some name servers are asking for these records.
Is is possible (other than deleting the "secureserver.net" zone) to stop these
resolving name servers from asking our name servers for domains that it has no
business asking?
Thanks for any insight,
-Steve
More information about the bind-users
mailing list