Suboptimal behavior from nsd
Roy Arends
roy at logmess.com
Thu Jan 15 04:31:19 UTC 2004
On Fri, 9 Jan 2004, Erik Rozendaal wrote:
> Miek Gieben wrote:
> > [On 09 Jan, @02:43, Phil wrote in "Re: Suboptimal behavior from n ..."]
> >
> >>| ;; AUTHORITY SECTION:
> >>| enst.fr. 345600 IN NS minos.enst.fr.
> >>| enst.fr. 345600 IN NS enst.enst.fr.
> >>| enst.fr. 345600 IN NS infres.enst.fr.
> >>| enst.fr. 345600 IN NS phoenix.uneec.eurocontrol.fr.
> >>|
> >>| ;; ADDITIONAL SECTION:
> >>| minos.enst.fr. 345600 IN A 137.194.2.34
> >>| enst.enst.fr. 345600 IN A 137.194.2.16
> >>| infres.enst.fr. 345600 IN A 137.194.160.3
> >>| phoenix.uneec.eurocontrol.fr. 345600 IN A 147.196.69.1
> >
> >
> > I'm slightly puzzled on why this last A record is added, it should
> > be considered out of zone, but somehow NSD will add it.
>
> Because all these A records appear as glue in the .fr zone. So the
> answer is constructed using data from a single zone, as are all answers
> from NSD (by design).
Ah, are you going to change that design ? Since all records did _not_ came
from a single zone. This design is not spoof-proof.
Roy
More information about the nsd-users
mailing list