Conflicting glue records?
Wolfgang S. Rupprecht
wolfgang.rupprecht+bindu at gmail.com
Fri Jan 23 21:12:53 UTC 2009
> For someone to "register a domain and listing our server name with a
> bogus IP", the registry has to be incredibly careless
I wonder if he is seeing the same thing I was a few days ago. I had a
certain *.edu host listed as a nameserver of mine with several
registries (gandi for .com, arin for in-addr.arpa and nro for rDNS in
2002:: space.) Last friday mail stopped flowing from my machine to
this nameserver because someone was injecting a stale A-record into
gtld-servers.net (the address injected was formerly correct, but
changed over a year ago). This record either hadn't appeared before
or my bind ignored it up to this point. Could something have changed
with bind 9.5.1-P1 that would cause it to put more value on glue/host
records than it did before?
This command clearly showed an A-record with an old, now incorrect
ipv4 address.
dig mgm.mit.edu @a.gtld-servers.net a
As a quick fix I dropped the nameserver in question from gandi and nro
(arin is still in the stone age and wants you to be their pen-pal, so
nothing has been changed there.) The problem seems to have fixed
itself within 24 hours of making the changes at the two registries
mentioned.
Weird huh?
-wolfgang
--
Wolfgang S. Rupprecht http://www.full-steam.org/ (ipv6-only)
You may need to config 6to4 to see the above pages.
More information about the bind-users
mailing list