IP addresses in NS records seem to be breaking hostname resolution

David Botham dns at botham.net
Wed Jul 17 19:24:20 UTC 2002




> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
> Behalf Of Chris Davis
> Sent: Wednesday, July 17, 2002 1:10 PM
> To: bind-users at isc.org
> Subject: RE: IP addresses in NS records seem to be breaking hostname
> resolution
> 
> 
> Thank you, David.  Hopefully the phone call from an objective third party
> will get them motivated!
> 
> Unfortunately, when I've e-mailed them, and when my "technical liaison" and I
> have spoken with them on the phone, we have had no luck.  Since
> nslookup/dig/host tells them their host records resolve fine, the problem is
> mine from their point of view.

Well, in the spirit of going above and beyond, I gave Jimmy at the ISP a
call.  He said he has just realized his mistake and is going to fix
it...

> 
> That's why I'm looking for something I can do on my side, without boogering
> up my configuration, to have the bad NS records rejected or at least dumped
> from the cache after failure.

I do not know of anything in BIND to do this.


> 
> Hosting my own pacetech-inc.com zone file, though a possibility, opens a
> door to headaches that I don't care to open.  As time marched on and I ran
> across more companies with misconfigured NS records, I'd accumulate more
> than a few zone files for zones that are not mine.

Yeah, I agree, hosting zones that do not belong to you is probably a bad
idea for a lot of reasons.

> 
> So, my question is still out there.  Is there any way to reject or dump the
> bad NS records that contain IP addresses rather than hostnames?

I do not know of any.
> 
> Of 6,667 NS records in my resolver's cache yesterday, 15 had I.P. addresses
> rather than hostnames.  I'd imagine everyone's dns caches look about like
> that everywhere percentage wise, statistically speaking.
> 
> 15 of 6,667 being wrong is only two tenths of one percent, which isn't much,
> but this 2/10 of 1% of failed lookups could be solved if there were a way to
> dump or reject the bad NS records and use the correct NS records provided by
> the GTLD servers.

Yes, it would.  However, I am sure (read guessing) there is something in
an RFC that says that can't happen.

> 
> These dns failures are exacerbated with multiple failed attempts to send
> mail, and then support calls and research about lost mail, and now this
> discussion thread involving all of you!
> 
> It's not my misconfiguration, and it's been very difficult (read
> "impossible") to convince the other guy it's his misconfiguration because
> everything resolves fine at first glance.  It's caused me some headaches.
> I'd like some legitimate defense against it.

Sometimes the best thing to do is contact the person who is paying for
the domain (check whois).  They have a vested interest in it working
correctly and can sometimes put the right kind of pressure on the
providers to straighten out their acts.  I think that after my call this
morning, the owner of the domain in question here called Jimmy at the
ISP.  I think that is why Jimmy told me that he "just realized" the
problem and would be fixing it...

> 
> My bet is that everyone everywhere is experiencing a "not insignificant"
> amount of failures due to this type of problem.
> 
> Would a new bind feature to dump or reject invalid NS records be in order?

I would vote yes, if it was RFC compliant.

> Or is there in fact a way to do this already?

Not that I know of.  However, be patient, others (more knowledgeable
than I) will more than likely catch this thread and respond to your
questions with more definite answers...

> 
> Chris Davis
> Site Engineer
> ComputerJobs.com
> 
> -----Original Message-----
> From: David Botham [mailto:dns at botham.net]
> Sent: Wednesday, July 17, 2002 12:08 PM
> To: bind-users at isc.org
> Subject: RE: IP addresses in NS records seem to be breaking hostname
> resolution
> 
> 
> 
> 
> As a follow up, I forwarded this thread to both the soa responsible
> email and whois responsible email.  And as an extra bonus, I called the
> whois admin contact on the phone.  He was happy to hear from me and said
> he would call his ISP and light a fire under...
> 
> Dave...
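
The count Chris describes (NS records whose target is an IP address instead of a hostname) can be reproduced with a short audit script. This is an added example, not part of the original thread and not a BIND feature; it assumes the cache has been exported as zone-file-style text (owner, optional TTL and class, type, target), and the function names and sample data are constructed for illustration.

```python
import ipaddress

# Constructed sample in zone-file style; not real cache data.
SAMPLE = """\
; constructed sample for illustration
example.com.      172800 IN NS ns1.example.net.
                  172800 IN NS 192.0.2.53.
example.org.      86400  NS 192.0.2.10
example.net.      3600   IN NS ns-192-0-2-1.example.net.
example.net.      3600   IN A  192.0.2.1
example.edu.      3600   IN NS 2001:db8::53
"""

def is_ip_literal(target):
    """True if an NS target is an IP address written where a hostname belongs."""
    try:
        ipaddress.ip_address(target.rstrip("."))  # tolerate a trailing root dot
        return True
    except ValueError:
        return False

def find_ip_ns(text):
    """Return (total_ns, [(owner, target), ...]) listing NS records with IP targets."""
    total, bad, owner = 0, [], None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip() or line.lstrip().startswith("$"):
            continue                              # blank line or $ORIGIN/$TTL directive
        fields = line.split()
        # A line that starts with whitespace inherits the previous owner name.
        if not line[0].isspace():
            owner, fields = fields[0], fields[1:]
        # Skip the optional TTL and class, leaving the record type first.
        while fields and (fields[0].isdigit() or fields[0].upper() in ("IN", "CH", "HS")):
            fields = fields[1:]
        if len(fields) >= 2 and fields[0].upper() == "NS":
            total += 1
            if is_ip_literal(fields[1]):
                bad.append((owner, fields[1]))
    return total, bad

if __name__ == "__main__":
    total, bad = find_ip_ns(SAMPLE)
    print(f"{len(bad)} of {total} NS records have an IP address as target")
    for owner, target in bad:
        print(f"  {owner} NS {target}")
```

The owner names it reports are the zones whose operators (or whois contacts) need to be told about the misconfiguration.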


