nanog mailing list archives
Re: Is my BIND Server's Cache Poisioned ?
From: Mark Andrews <Mark_Andrews () isc org>
Date: Thu, 30 Jun 2005 15:33:49 +1000
i On Thu, 30 Jun 2005, Mark Andrews wrote:No. These are just a mis-configured zones. hangzhou.gov.cn only has glue records for the nameservers. zpepc.com.cn has CNAMEs for the nameservers. Both of these misconfigurations are visible to nameservers that are IPv6 aware. Nameservers that are not IPv6 aware are not likely to make the queries that make these misconfigurations visible.Why would these dns misconfigurations be visible only to IPV6-aware servers?
Because IPv6 aware nameservers make AAAA queries for the IPv6 addresses of the nameservers and as a result see the NXDOMAIN / CNAME. The IPv4 only nameservers don't make these queries, as a matter of practice, and only see the problems if some client of the nameserver makes a query for some records with the same name as that of the nameservers. Mark
-- William Leibzon Elan Networks william () elan net
-- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews () isc org
Current thread:
- Is my BIND Server's Cache Poisioned ? Joe Shen (Jun 29)
- Re: Is my BIND Server's Cache Poisioned ? Mark Andrews (Jun 29)
- Re: Is my BIND Server's Cache Poisioned ? william(at)elan.net (Jun 29)
- Re: Is my BIND Server's Cache Poisioned ? Mark Andrews (Jun 29)
- Re: Is my BIND Server's Cache Poisioned ? Joe Shen (Jun 30)
- Re: Is my BIND Server's Cache Poisioned ? Suresh Ramasubramanian (Jun 30)
- Re: Is my BIND Server's Cache Poisioned ? william(at)elan.net (Jun 29)
- Re: Is my BIND Server's Cache Poisioned ? Mark Andrews (Jun 29)
- <Possible follow-ups>
- Re: Is my BIND Server's Cache Poisioned ? Fergie (Paul Ferguson) (Jun 30)