In message <4bcf4a6c.8050...@gmail.com>, Dave Sparro writes: > On 4/9/2010 8:59 PM, Steven Wilmot wrote: > > > > 1 - The original server-configuration (or response) from "primary-dns.co.uk > " > > is NOT VALID > > > > If this is the case, could you please help let me know exactly which RFC or > > configuration that you believe is not valid. > > > > Note: 'primary-dns.co.uk is owned and maintained by my ISP (aaisp.net.uk), > > and I'm fairly certain that they would be quick to implement any > > "corrections" if you were able to demonstrate a SPECIFIC bug > > > > The server at primary-dns.co.uk (81.187.30.41) considers itself > authoritative for the 'wilmot.me.uk.mail.aaisp.net.uk' name, but has not > been configured with any data for that name. > > The domain registration for 'aaisp.net.uk' seems to indicate that > auth.primary-dns.co.uk (81.187.30.42) is actually one of the servers > that is supposed to be authoritative. > > This can be fixed several ways: > > * ISP removes false authority from 81.187.30.41. > > * ISP syncs data between the real authority (81.187.30.42), and 81.187.30.41 > > * YOU remove forwarding configuration on your DNS server so that you're > not relying on somebody's mis-managed DNS server ( I suspect that is the > reason that the 81.187.30.41 server got involved in the first place) > > * MS fixes their server such that it doesn't accept data that is > incorrectly marked authoritative.
* The IETF updated RFC 1034 so that authoritative servers to not follow CNAME if recursion is not desired. Then misconfigurations like this will not be visible. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
