CNAME Issue - Whether to use CNAME-data or Response-Flag
Mark Andrews
marka at isc.org
Wed Apr 21 23:36:55 UTC 2010
In message <4BCF4A6C.8050608 at gmail.com>, Dave Sparro writes:
> On 4/9/2010 8:59 PM, Steven Wilmot wrote:
> >
> > 1 - The original server-configuration (or response) from "primary-dns.co.uk
> "
> > is NOT VALID
> >
> > If this is the case, could you please help let me know exactly which RFC or
> > configuration that you believe is not valid.
> >
> > Note: 'primary-dns.co.uk is owned and maintained by my ISP (aaisp.net.uk),
> > and I'm fairly certain that they would be quick to implement any
> > "corrections" if you were able to demonstrate a SPECIFIC bug
> >
>
> The server at primary-dns.co.uk (81.187.30.41) considers itself
> authoritative for the 'wilmot.me.uk.mail.aaisp.net.uk' name, but has not
> been configured with any data for that name.
>
> The domain registration for 'aaisp.net.uk' seems to indicate that
> auth.primary-dns.co.uk (81.187.30.42) is actually one of the servers
> that is supposed to be authoritative.
>
> This can be fixed several ways:
>
> * ISP removes false authority from 81.187.30.41.
>
> * ISP syncs data between the real authority (81.187.30.42), and 81.187.30.41
>
> * YOU remove forwarding configuration on your DNS server so that you're
> not relying on somebody's mis-managed DNS server ( I suspect that is the
> reason that the 81.187.30.41 server got involved in the first place)
>
> * MS fixes their server such that it doesn't accept data that is
> incorrectly marked authoritative.
* The IETF updated RFC 1034 so that authoritative servers to not follow
CNAME if recursion is not desired. Then misconfigurations like this
will not be visible.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list