[prev in list] [next in list] [prev in thread] [next in thread] 

List:       djbdns
Subject:    Re: question about usage of out-of-bailiwick glue when resolving
From:       Lennert Buytenhek <buytenh () wantstofly ! org>
Date:       2004-04-29 10:18:38
Message-ID: 20040429101838.GA1401 () xi ! wantstofly ! org
[Download RAW message or body]

On Thu, Apr 29, 2004 at 10:54:35AM +0200, Peter Conrad wrote:

> Hi,

Hi,


> > What I'm trying to say is, and forgive me if my English is lacking, c.com
> > can make lookups for b.c.com fuck up in any way it wants.  Supplying a glue
> > record b.c.com NS ns1.elsewhere.com which then turns out to be lame is one
> > of the more innocent ways -- suppling glue such as b.c.com NS ns1.b.c.com
> > and then saying that ns1.b.c.com A 127.0.0.1 is one of the more 'obviously'
> > malicious ones.  I still don't see how bailiwick has anything to do with
> > that, and believe me, I _am_ trying to understand your arguments.
> 
> Your original question was:
> 
> > Is there a reason why one should not use received glue records which are
> > out-of-bailiwick at all?
> 
> Several people have answered that with, basically, "Because out-of-bailiwick
> glue records can be wrong."

And in-bailiwick glue records can be wrong too :)  Think large organisation,
with many hierarchical levels (for example, I used to work at Leiden University
for some years, and it was a real b*tch to get such info updated, taking many
weeks in the best case.)


> Now you're arguing "But the NS records can be wrong, too, so who cares if
> the glue records are correct?".
> 
> The point is: wrong NS records and wrong glue records are two different
> reasons for a failed lookup. You can avoid one of these on the client
> side by ignoring out-of-bailiwick glue. Avoiding failures is a good thing,
> that's the reason why dnscache works the way it does.

I won't touch on the subject of whether to ignore out-of-bailiwick glue or
not, since that is a subject that people on this list care about in a rather
strong way, and I do not wish to initiate a flamewar.

I think the main remaining things that we disagree on are purely a matter of
opinion, and we won't agree on those anyway.  So I guess I don't have anything
left to say at this point.  (I do respect your opinions, though!!)

Thanks to all for all the responses to my postings.


cheers,
Lennert
[prev in list] [next in list] [prev in thread] [next in thread]