[47083] in North American Network Operators' Group
Re: incorrect NXDOMAIN response from DNS server
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Thu Apr 25 11:37:06 2002
Message-Id: <200204251525.g3PFPlQn010587@foo-bar-baz.cc.vt.edu>
To: Jun-ichiro itojun Hagino <itojun@itojun.org>
Cc: nanog@nanog.org
In-Reply-To: Your message of "Thu, 25 Apr 2002 11:30:27 +0900."
<26629.1019701827@itojun.org>
From: Valdis.Kletnieks@vt.edu
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="==_Exmh_292067376P";
micalg=pgp-sha1; protocol="application/pgp-signature"
Content-Transfer-Encoding: 7bit
Date: Thu, 25 Apr 2002 11:25:47 -0400
Errors-To: owner-nanog-outgoing@merit.edu
--==_Exmh_292067376P
Content-Type: text/plain; charset=us-ascii
On Thu, 25 Apr 2002 11:30:27 +0900, Jun-ichiro itojun Hagino <itojun@itojun.org> said:
> there are name server implementations (probably load balancing product)
> that responds with NXDOMAIN, when it should respond with NOERROR with
> empty reply. one example is news.bbc.co.uk. this symptom not only
> confuse IPv6-ready client resolvers, but also has bad effect against
> negative caching and email delivery (if MX is responded with NODOMAIN).
>
> do you know:
> - name of particular implementation which have/had this bug?
> - other examples of nameservers that behave like this?
> (windowsupdate.microsoft.com behaved like this in Feb 2002, but
> they are already fixed)
> - how can we get people to fix it? (client side workaround should
> not be populated, just to be sure)
There are apparently several products that have this problem, some of which
are sufficiently widely enough deployed that since Sendmail 8.11.3 or
so, there has been a configure option 'WorkAroundBrokenAAAA' (available as
a FFR in 8.11.3, and in the base code as of 8.12.0.
I am told by people who have tripped over this problem more often than I
have that *early* releases of djbdns did this - but that it is fixed in
anything resembling a current release so the "right" fix is getting the
offender to upgrade his software (which is often futile...)
--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech
--==_Exmh_292067376P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQE8yB/6cC3lWbTT17ARArD6AJ4/5b+sHhwZMWBVnis66jESBm874wCfWQMi
FmHWAo3hzvvXu/rpNzMH2NQ=
=kfQc
-----END PGP SIGNATURE-----
--==_Exmh_292067376P--
