I don't know about other GSLBs, but Cisco GSSes could be made to respond relatively sanely, with some careful configuration. We had to set up a "shadow" version of each GSLB-delegated subzone on BIND, and the GSSes would proxy all queries they couldn't handle themselves to/from this "shadow" version. The _piece_de_resistance_ is to add an obscure wildcard entry in each zone so that all non-apex proxied queries get a NODATA response. This is to inhibit inappropriate NXDOMAIN responses when the name is defined in the GSS, but the type is not handled, e.g. MX, TXT, AAAA or whatever. Such inappropriate NXDOMAIN queries generate negative cache entries for the name, which can then interfere with the A queries. Not a perfect solution, but it got us by until we could migrate off that horrible platform.
- Kevin -----Original Message----- From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Barry Margolin Sent: Wednesday, April 13, 2016 4:45 PM To: comp-protocols-dns-b...@isc.org Subject: Re: when i check resolver.log just now , i found some error info about AAAA ( ipv6) In article <mailman.548.1460561615.73610.bind-us...@lists.isc.org>, "Darcy Kevin (FCA)" <kevin.da...@fcagroup.com> wrote: > Really, there's no excuse, in this day and age, for a DNS-serving > device -- even a load-balancer pretending to be a nameserver -- to > botch its responses to AAAA queries. Load balancers routinely botch requests for any type other than the specific type they're programmed to balance. There's never been an excuse for it in the first place (how hard would it have been for them to return NOERROR?), so there's no reason to expect them to treat AAAA any differently from other types that they don't know about. -- Barry Margolin Arlington, MA _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users