To:
hardie@equinix.com
Cc:
hardie@kiwi.equinix.com (Ted Hardie), dnsop@cafax.se
From:
Harald Tveit Alvestrand <Harald@Alvestrand.no>
Date:
Mon, 23 Aug 1999 23:14:36 +0200
In-Reply-To:
<199908231848.LAA15681@kiwi.equinix.com>
Sender:
owner-dnsop@cafax.se
Subject:
Re: I-D ACTION:draft-lindberg-dnsop-isp-root-server-00.txt
At 11:48 23.08.99 -0700, hardie@equinix.com wrote: ><Snipped discussion of SOA info being changed under Gunnar's scheme> > >Harald wrote: > > > > I don't get this - is any software anywhere actually routing queries > > to the nameserver named in the SOA record? > > > > > > I know for a fact that some zones have a nameserver in their SOA that > > isn't in their NS list (the case where I know why, it's because the > > Real Master is behind a dialup link, but still with a fixed IP addr) > >I hadn't thought of this case. I do know of situations where folks >run script checks on caching nameservers that match up SOA reported by >the roots and NS lists in the cache to see if someone has tried to hijack >domains. I believe that it would report a false positive in your case >(and it doesn't catch everything in any case--it's just a flagging >mechanism). > >Do you know of any cases now where there is no overlap between SOA >and NS? li.org, slashdot.org, microsoft.com (!), for instance. more bizarre things happen - altavista.com uses a name in the SOA that has the same A as one of its NSes, but different name. microsoft looks as if it's round-robining its NS set, and my copy just happened not to include ns 1. the world is a strange place. Harald A -- Harald Tveit Alvestrand, Maxware, Norway Harald.Alvestrand@maxware.no