[nsd-users] Trying to understand a SERVFAIL
Pim van Pelt
pim at ipng.nl
Sun Jan 31 14:39:11 UTC 2010
Hoi Wouter, Colleagues,
On Fri, Jan 1, 2010 at 1:07 AM, W.C.A. Wijngaards <wouter at nlnetlabs.nl> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi Pim, Jeremy,
>
> This response looks like a corner case. I think it may trigger that bad
> behaviour in some resolvers. This may be something that is caused by
> new 'Kaminksy-era-paranoia' fixes in resolvers.
I have seen the unwanted behavior in second zone that I loaded from a
bind9 authorative to an nsd one:
$ORIGIN sixxs.net.
m NS ns1 NS ns2 NS ns3
tic CNAME tic.m
and m.sixxs.net runs on the bind9 authoritative servers. A query
coming to tic.sixxs.net fails, when the NSD gets it, it serves out a
reply but it is not understood by all resolvers.
I think this is an issue that can likely be fixed in NSD even if it is
an issue also in bind (resolver). Where can I file a bug against it?
Should this discussion be brought broader (so the teams can hash it
out amongst themselves how to best fix it?). If so - can you help me
get the right people aligned? I've not posted to name droppers lists
since quite a few years ;)
--
Pim van Pelt <pim at ipng.nl>
PBVP1-RIPE - http://www.ipng.nl/
More information about the nsd-users
mailing list