RE: when i check resolver.log just now , i found some error info about AAAA ( ipv6)

Wed, 13 Apr 2016 15:09:34 -0700 

I don't know about other GSLBs, but Cisco GSSes could be made to respond 
relatively sanely, with some careful configuration. We had to set up a "shadow" 
version of each GSLB-delegated subzone on BIND, and the GSSes would proxy all 
queries they couldn't handle themselves to/from this "shadow" version. The 
_piece_de_resistance_ is to add an obscure wildcard entry in each zone so that 
all non-apex proxied queries get a NODATA response. This is to inhibit 
inappropriate NXDOMAIN responses when the name is defined in the GSS, but the 
type is not handled, e.g. MX, TXT, AAAA or whatever. Such inappropriate 
NXDOMAIN queries generate negative cache entries for the name, which can then 
interfere with the A queries. Not a perfect solution, but it got us by until we 
could migrate off that horrible platform.

                                                                                
        - Kevin

-----Original Message-----
From: bind-users-boun...@lists.isc.org 
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of Barry Margolin
Sent: Wednesday, April 13, 2016 4:45 PM
To: comp-protocols-dns-b...@isc.org
Subject: Re: when i check resolver.log just now , i found some error info about 
AAAA ( ipv6)

In article <mailman.548.1460561615.73610.bind-us...@lists.isc.org>,
 "Darcy Kevin (FCA)" <kevin.da...@fcagroup.com> wrote:

> Really, there's no excuse, in this day and age, for a DNS-serving 
> device -- even a load-balancer pretending to be a nameserver -- to 
> botch its responses to AAAA queries.

Load balancers routinely botch requests for any type other than the specific 
type they're programmed to balance. There's never been an excuse for it in the 
first place (how hard would it have been for them to return NOERROR?), so 
there's no reason to expect them to treat AAAA any differently from other types 
that they don't know about.

-- 
Barry Margolin
Arlington, MA
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to