IP addresses in NS records seem to be breaking hostname resol ution

Chris Davis chris.davis at computerjobs.com
Thu Jul 18 11:20:53 UTC 2002 

Bunnies!  

Mark, you're absolutely correct.  That point missed me entirely!
Now I understand why this type of hostname that matches the syntax of an IP
address cannot cause Bind not to load the zone, and what Kevin meant by his
tongue in cheek massive kludging idea.

This bit of light in my head leads me to my third option, in which a
resolver that determines an entire set of NS records to be unresolvable
dumps that set from its cache.

There are different levels of "unresolvable."  In the usual level, the
delegated name server for the hostname says "Host not found."  In another
level, no root server can be located to handle the TLD.

In the event of finding no root server to handle the TLDs for an particular
set of NS RDATA entries, where is the harm in dumping that set of NS records
from a resolver's cache?

RFC specifies that the delegated name server is believed over the root
servers, but does it specify that the delegated name server must be believed
when the delegated information is unresolvable?  My question boils down to
this:  Does the inability of a particular resolver to find a TLD (or local
zone if we're bad) to resolve a hostname absolutely mean that a hostname
cannot be resolved by that dns resolver (rather than "was not resolved by
the dns resolver")?

I realize that an update to your hint file might add another root server to
recognize the unknown TLD.  In this case, the TLD would be picked up the
next time hosts in the affected domain are resolved and everything would be
dandy.

If this option also isn't an option, help me out!  This is a decent size
pitfall causing decent amounts of failures.  If there's a way for Bind to
prevent it, how can it be done?


-----Original Message-----
From: Mark Damrose [mailto:mdamrose at elgin.cc.il.us]
Sent: Wednesday, July 17, 2002 10:45 PM
To: comp-protocols-dns-bind at isc.org
Subject: Re: IP addresses in NS records seem to be breaking hostname
resolution

You seem to have missed the point that the above are *legal* hostnames.  As
a human, it is obvious to you that they were intended as IP addresses.
Computers are not so good at those kinds of judgement calls.  BIND has no
way to know that they are not supposed to be 209.44.8.1.pacetech-inc.com,
etc.

More information about the bind-users mailing list