[100184] in North American Network Operators' Group
Re: dns authority changes and lame servers
daemon@ATHENA.MIT.EDU (Simon Waters)
Fri Oct 19 04:52:59 2007
From: Simon Waters <simonw@zynet.net>
To: nanog@merit.edu
Date: Fri, 19 Oct 2007 09:46:38 +0100
In-Reply-To: <g3ir54m0m9.fsf@sa.vix.com>
Errors-To: owner-nanog@merit.edu
On Friday 19 October 2007 01:03, Paul Vixie wrote:
>
> i agree that it's something BIND should do, to be
> comprehensive. if someone is excited enough about this to consider
> sponsoring the work, please contact me (vixie@isc.org) to discuss details.
Sounds like a really bad idea to me.
The original problems sound like management issues mostly. Why are they
letting customers who don't understand DNS update their NS records, and if
they do, why is it a problem for them (and not just the customer who fiddled
and broke stuff)?
Similarly we'll provide authoritative DNS for a zone as instructed (and paid
for), even if it isn't delegated, if that is what the customer wants.
For as long as one doesn't mix authoritative and recursive servers, it matters
not a jot what a server believes it is authoritative for, only what is
delegated. Hence one can't "graph the mistakes" as one would have to be
psychic to find them.
Perhaps they need to provide DNS status reports to clients, so the clients
know if things are misconfigured? Monitoring/measuring is the first step in
managing most things. But I think it is far more important to find and fix
what is broken than to try and let the machines prune it down when something
is wrong, although I guess breaking things that are misconfigured is a good
way to get them fixed ;)
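
A sketch of the kind of per-zone DNS status report suggested in the message above, as an added example that is not part of the original post. It compares the NS set delegated by the parent with how each server answers an SOA query, judged from the AA bit and RCODE in the DNS header. The server names, the `hosted` list and the reply bytes are constructed, and collecting real replies over the network is assumed to happen elsewhere.

```python
import struct

QR, AA = 0x8000, 0x0400  # DNS header flag bits (RFC 1035, section 4.1.1)

def classify(reply):
    """Classify one server's raw reply to an SOA query for the zone apex."""
    if reply is None:
        return "unreachable"
    if len(reply) < 12:
        return "malformed"
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", reply[:12])
    if not flags & QR:
        return "malformed"          # not a response at all
    if flags & 0x000F == 0 and flags & AA and ancount > 0:
        return "ok"                 # NOERROR, authoritative, has an answer
    return "lame"                   # answered, but not authoritatively

def _norm(name):
    return name.rstrip(".").lower()

def status_report(delegated, hosted, replies):
    """delegated: NS names published in the parent zone.
    hosted: servers the provider has configured for the zone.
    replies: server name -> raw reply bytes, or None on timeout."""
    delegated = {_norm(n) for n in delegated}
    hosted = {_norm(n) for n in hosted}
    replies = {_norm(k): v for k, v in replies.items()}
    report = {ns: classify(replies.get(ns)) for ns in sorted(delegated)}
    # Only the provider can know about these; nothing in the DNS points at them.
    for ns in sorted(hosted - delegated):
        report[ns] = "hosted-not-delegated"
    return report

def _hdr(flags, ancount):
    """Constructed 12-byte DNS header standing in for a captured reply."""
    return struct.pack("!6H", 0x1234, flags, 1, ancount, 0, 0)

SAMPLE = status_report(
    delegated=["ns1.example.net.", "NS2.example.net", "ns3.example.org"],
    hosted=["ns1.example.net", "ns4.example.net"],
    replies={
        "ns1.example.net": _hdr(QR | AA, 1),      # authoritative answer
        "ns2.example.net": _hdr(QR | 0x0005, 0),  # REFUSED: lame delegation
        "ns3.example.org": None,                  # timed out
    },
)

if __name__ == "__main__":
    for server, state in SAMPLE.items():
        print(f"{server:20} {state}")
```

The `hosted-not-delegated` rows come only from the provider's own configuration, which is the point made above about not being able to find such zones from the outside.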