nxdomain rfc2308 type 2, but authority is incorrect

Joe Maimon jmaimon at ttec.com
Wed Aug 10 23:10:14 UTC 2016


Mark Andrews wrote:

>
> Nameresovle.com's servers are returning answers that can be seen
> as a cache poisoning attempt.  They are NOT authoritative for
> ".hosting" but have been configured as if they are.  This is a big
> NO NO.  You don't configure yourself as authoritative for a zone
> that has not been delegated to you and in particular you don't
> configure yourself as authoritative for "." or a TLD.
>
> Windows 2008 is quite correct in rejecting this answer.  Named would
> as well except for the number of DNS hosters that do this sort of
> garbage.  Named just sees the CNAME and stops processing the message
> after that.
>
> Mark
>

Thanks for the replies Mark and Bill.

I think it's fair to say that most DNS servers have at one time or
another hosted a zone they were not authoritative for according to the 
DNS tree, as simple as a customer leaving without notice, cruft, split 
view incorrectly configured, etc.

In any event, Windows is accepting the negative answer, BIND is
rejecting it and going forward with resolving the CNAME, successfully.

Joe
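
The authority check this thread turns on, as an added example (not written by either poster, and not BIND or Windows code): a resolver-side test of whether the SOA in an RFC 2308 type 2 NXDOMAIN may be used, given the zone the queried server was delegated. Every name except "hosting." is constructed, and the function names and verdict strings are hypothetical.

```python
# Added example: bailiwick check for the SOA in a negative answer.
# Assumption: the resolver knows which zone cut (bailiwick) led it to this server.

def labels(name):
    """Split a domain name into lowercase labels; the root is []."""
    name = name.rstrip(".").lower()
    return name.split(".") if name else []

def is_subdomain(name, zone):
    """True when name is equal to or below zone."""
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[len(n) - len(z):] == z

def check_negative_answer(bailiwick, qname, cname_targets, soa_owner):
    """Decide whether the authority-section SOA of an NXDOMAIN is usable.

    Returns (verdict, name_still_to_resolve). With a CNAME in the answer,
    the name being denied is the last CNAME target, not the query name.
    """
    denied = cname_targets[-1] if cname_targets else qname
    # The server may only speak for names at or below its delegation.
    if not is_subdomain(soa_owner, bailiwick):
        return ("out-of-bailiwick", denied)
    # An in-bailiwick SOA still has to be an ancestor of the denied name.
    if not is_subdomain(denied, soa_owner):
        return ("soa-does-not-cover-name", denied)
    return ("accept-nxdomain", None)

# Constructed cases. The first mirrors the thread: a server reached through
# a delegation for customer.example. answers with a CNAME into .hosting and
# an SOA owned by "hosting.", a zone never delegated to it.
CASES = [
    ("customer.example.", "www.customer.example.",
     ["site.provider.hosting."], "hosting."),
    ("customer.example.", "gone.customer.example.", [], "customer.example."),
    ("example.", "www.example.", ["x.other.example."], "sub.example."),
]

if __name__ == "__main__":
    for case in CASES:
        print(case[1], "->", check_negative_answer(*case))
```

In the first case the SOA is discarded and the CNAME target is left for the resolver to look up through the normal delegation chain.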


