IP addresses in NS records seem to be breaking hostname resolution

Thu Jul 18 13:53:52 UTC 2002

> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
> Behalf Of Chris Davis
> Sent: Thursday, July 18, 2002 7:21 AM
> To: 'bind-users at isc.org'
> Subject: RE: IP addresses in NS records seem to be breaking hostname
> resolution
> 
> 
> Bunnies!
> 
> Mark, you're absolutely correct.  That point missed me entirely!
> Now I understand why this type of hostname that matches the syntax of
an
> IP
> address cannot cause Bind not to load the zone, and what Kevin meant
by
> his
> tongue in cheek massive kludging idea.
> 
> This bit of light in my head leads me to my third option, in which a
> resolver that determines an entire set of NS records to be
unresolvable
> dumps that set from its cache.
> 
> There are different levels of "unresolvable."  In the usual level, the
> delegated name server for the hostname says "Host not found."  In
another
> level, no root server can be located to handle the TLD.
> 
> In the event of finding no root server to handle the TLDs for an
> particular
> set of NS RDATA entries, where is the harm in dumping that set of NS
> records
> from a resolver's cache?
> 
> RFC specifies that the delegated name server is believed over the root
> servers, but does it specify that the delegated name server must be
> believed
> when the delegated information is unresolvable?  My question boils
down to
> this:  Does the inability of a particular resolver to find a TLD (or
local
> zone if we're bad) to resolve a hostname absolutely mean that a
hostname
> cannot be resolved by that dns resolver (rather than "was not resolved
by
> the dns resolver")?
> 
> I realize that an update to your hint file might add another root
server
> to
> recognize the unknown TLD.  In this case, the TLD would be picked up
the
> next time hosts in the affected domain are resolved and everything
would
> be
> dandy.

Even a failure at the TLD to resolve a hostname can be temporary.

Dave...
> 
> If this option also isn't an option, help me out!  This is a decent
size
> pitfall causing decent amounts of failures.  If there's a way for Bind
to
> prevent it, how can it be done?
> 
> 
> -----Original Message-----
> From: Mark Damrose [mailto:mdamrose at elgin.cc.il.us]
> Sent: Wednesday, July 17, 2002 10:45 PM
> To: comp-protocols-dns-bind at isc.org
> Subject: Re: IP addresses in NS records seem to be breaking hostname
> resolution
> 
> You seem to have missed the point that the above are *legal*
hostnames.
> As
> a human, it is obvious to you that they were intended as IP addresses.
> Computers are not so good at those kinds of judgement calls.  BIND has
no
> way to know that they are not supposed to be
209.44.8.1.pacetech-inc.com,
> etc.