Conflicting glue records?
Chris Thompson
cet1 at cam.ac.uk
Mon Jan 26 15:39:54 UTC 2009
On Jan 26 2009, Wolfgang S. Rupprecht wrote:
>> For someone to "register a domain and listing our server name with a
>> bogus IP", the registry has to be incredibly careless
>
>I wonder if he is seeing the same thing I was a few days ago. I had a
>certain *.edu host listed as a nameserver of mine with several
>registries (gandi for .com, arin for in-addr.arpa and nro for rDNS in
>2002:: space.) Last friday mail stopped flowing from my machine to
>this nameserver because someone was injecting a stale A-record into
>gtld-servers.net (the address injected was formerly correct, but
>changed over a year ago). This record either hadn't appeared before
>or my bind ignored it up to this point. Could something have changed
>with bind 9.5.1-P1 that would cause it to put more value on glue/host
>records than it did before?
>
>This command clearly showed an A-record with an old, now incorrect
>ipv4 address.
>
> dig mgm.mit.edu @a.gtld-servers.net a
>
>
>As a quick fix I dropped the nameserver in question from gandi and nro
>(arin is still in the stone age and wants you to be their pen-pal, so
>nothing has been changed there.) The problem seems to have fixed
>itself within 24 hours of making the changes at the two registries
>mentioned.
>
>Weird huh?
See "promoting glue to answer", and the evils thereof, passim.
In particular
https://lists.isc.org/pipermail/bind-users/2008-December/074107.html
https://lists.isc.org/pipermail/bind-users/2008-December/074164.html
--
Chris Thompson
Email: cet1 at cam.ac.uk
More information about the bind-users
mailing list