Conflicting glue records?

[Milo Hyson]

In our particular case, we have stale glue records for our name- 
servers that appear to be coming from a domain we host that is owned  
by someone else. Despite our best efforts, we have not been able to  
reach the owners and thus have not been able to get the host records  
changed at the registrar. The net result is that any domains listing  
those server names fail to resolve as the old IPs are no longer in  
service.

This raises a scary question. If this is really an undefined  
situation, could it be used as an attack vector? Although our  
particular situation involves no component of fraud, what is to stop  
someone from registering a domain and listing our server name with a  
bogus IP?

--
Milo Hyson
Chief Scientist
CyberLife Labs


On Jan 7, 2009, at 23:57, Doug Barton wrote:

> Milo Hyson wrote:
>> If different registrars contain different host records for the same  
>> name
>> server, what glue records are established in the root servers?  
>> Suppose
>> two domains at different registrars both list ns1.mydomain.com as a
>> nameserver but each gives a different IP. Are the results undefined?
>
> I'm not sure what the theoretically "correct" way for the reg*'s to
> resolve this is, but in practice you're right, the results are
> undefined. If these are all hosts and records that you control, the
> short answer is, "be careful not to do that."
>
> If you've run into a situation where a hostname for a domain you now
> control has stale glue your best point of contact is your registrar
> for com/net/org/info/biz/us.
>
>
> hth,
>
> Doug
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20090108/d48e108a/attachment.html>