strange response to the DS request

神明達哉 jinmei at wide.ad.jp
Mon Mar 7 17:36:20 UTC 2016


At Mon, 7 Mar 2016 09:58:46 +0900,
Manabu Sonoda <manabu-s at iij.ad.jp> wrote:

> > So I'm wondering: is this something odd you just happen to find in a
> > test environment or something, or is there any practical issue because
> > of that?
> That was found in a production environment...
> Our full resolver was sometimes returning the CNAME record.
> The parent zone TTL is greater than the child zone TTL.
>
> I know this is a misconfiguration of the NS delegation.
> Named-checkzone returns errors that parent zone includes ns rcodes for child.
> and named can't load the zonefile in this case.

Ah, so your real intent in this thread is to propose an additional
sanity check in, e.g., named-checkconf -z (I don't think
named-checkzone can be used for this as it focuses on a single zone's
content) so that it can detect an obvious missing NS from an ancestor
to a descendant.  I think that makes sense in general, if not for this
particular operational error.  Maybe IIJ can fund the extension:-)

--
JINMEI, Tatuya
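
One way the cross-zone check proposed in this message could work, as an added example that is not BIND code and not part of the original post. It assumes every zone served by one server is available as a list of (owner, type) pairs; the zone names, the sample records and all function names are constructed for illustration.

```python
def norm(name):
    """Lower-case an absolute DNS name and split it into a tuple of labels."""
    name = name.rstrip(".").lower()
    return tuple(name.split(".")) if name else ()

def is_ancestor(parent, child):
    """True if `parent` is a strict ancestor of `child` in the DNS tree."""
    p, c = norm(parent), norm(child)
    return len(p) < len(c) and c[len(c) - len(p):] == p

def closest_parent(child, origins):
    """Deepest configured zone that is an ancestor of `child`, or None."""
    candidates = [o for o in origins if is_ancestor(o, child)]
    return max(candidates, key=lambda o: len(norm(o)), default=None)

def missing_delegations(zones):
    """Report (parent, child, types_found) wherever the closest ancestor zone
    on the same server has no NS RRset at the child zone's apex."""
    findings = []
    for child in sorted(zones):
        parent = closest_parent(child, zones)
        if parent is None:
            continue  # no ancestor is served here, nothing to cross-check
        types = {rtype.upper() for owner, rtype in zones[parent]
                 if norm(owner) == norm(child)}
        if "NS" not in types:
            findings.append((parent, child, sorted(types)))
    return findings

# Constructed sample: four zones loaded on one server.
ZONES = {
    "example.com.": [("example.com.", "SOA"), ("example.com.", "NS"),
                     ("ok.example.com.", "NS"),          # proper delegation
                     ("broken.example.com.", "CNAME")],  # data where NS belongs
    "ok.example.com.": [("ok.example.com.", "SOA"), ("ok.example.com.", "NS")],
    "broken.example.com.": [("broken.example.com.", "SOA"),
                            ("broken.example.com.", "NS")],
    "deep.ok.example.com.": [("deep.ok.example.com.", "SOA"),
                             ("deep.ok.example.com.", "NS")],
}

if __name__ == "__main__":
    for parent, child, types in missing_delegations(ZONES):
        print(f"{parent} has no NS for {child} (found there: {types or 'nothing'})")
```

The check only compares each zone with its closest ancestor on the same server; a delegation cut at an intermediate name between the two is not modelled here.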

