Fwd: IPv6 client and negative cache - some doubts

Mark Andrews marka at isc.org
Wed Feb 24 21:27:06 UTC 2010 

In message <Sam.Wilson-84ADEB.11164824022010 at scotsman.ed.ac.uk>, Sam Wilson wri
tes:
> In article <mailman.564.1266963563.21153.bind-users at lists.isc.org>,
>  Mark Andrews <marka at isc.org> wrote:
> 
> > In message <f677fefa1002230600n4694161cu315e5dd4beaaab02 at mail.gmail.com>, 
> > Micha
> > l Wesolowski writes:
> > > 
> > > After some reading my present understanding is that correct response to 
> > > AAAA
> > > query when there is such record in the zone and there exists another reco
> rd
> > > of different type for the same name - is to reply with empty answer and n
> o
> > > error (this applies to authoritative NS). So what ns10.az.pl does is not
> > > consistent with specification.
> 
> That's correct.
> 
> > > However I'm still not sure if bind shouldn't cope with this somehow. I
> > > understand that if it applied to final query for "www.goliszew.pl" than i
> t
> > > would be correct for bind to cache it as negative for all types of record
> s.
> > > But if it concerns bad respond for NS? - I don't know.
> 
> I don't either.
> 
> > Well one of the nameservers does not exist and the other is a CNAME.
> > Both of these are fatal errors for the particular nameserver and
> > as there are only two nameservers for the zone lookups fail.
> 
> I hesitate to take issue with you Mark, but the problem is also that one 
> of the nameservers has either an A record or a CNAME depending on how 
> you look it up (A or AAAA query), and his caching server is keeping them 
> both.

Named sees the CNAME for virtual.jasnet.pl and marks the server as bad.
Named sees the NXDOMAIN for virtual.sincom.pl and marks the server as bad.

> > Add A records to the sincom.pl and jasnet.pl zones for virtual.sincom.pl
> > and virtual.jasnet.pl respectively.
> 
> As the OP has pointed out that's not under his control, and if the same 
> misbehaving servers are responsible there's the chance that both will be 
> screwed up.

Well he needs to complain to the administrators of the zones as
they are not following the relevent RFC's and their nameservers are
not preventing them from making configuration errors by allowing
the A and CNAME to co-exist virtual.jasnet.pl.

RFC 1034, Section 3.6.2.

"If a CNAME RR is present at a node, no other data should be
present; this ensures that the data for a canonical name and its aliases
cannot be different."

He should also complain to the administrators for .PL for not
following RFC 1034 and ensuring that delegation start off and
continue to be RFC compliant.
 
RFC 1034, Section 4.2.2.

"As the last installation step, the delegation NS RRs and glue RRs
necessary to make the delegation effective should be added to the parent
zone.  The administrators of both zones should insure that the NS and
glue RRs which mark both sides of the cut are consistent and remain so."

> Sam
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

More information about the bind-users mailing list