[Pdns-users] PowerDNS does not expire domains - propagates lame delegation.
augie.schwer at gmail.com
Fri Sep 14 14:00:23 UTC 2007
On 9/12/07, bert hubert <bert.hubert at netherlabs.nl> wrote:
> On Thu, Sep 13, 2007 at 05:55:06AM +1000, Richard McLean wrote:
> > At 12:51 PM -0700 12/9/07, Augie Schwer wrote:
> > >Alternatively Bind seems to note the non-authoritative answer from its
> > >master and add the domain into some list (neg. cache, etc.) and not
> > >answer authoritatively for it.
> > No, I'd say it sounds like a problem too. Having this feature would be
> > a great addition (and the more "correct" behaviour) for us.
> Hehe - we had this discussion some time ago and then the conclusion was the
> exact reverse, that people did not appreciate the DNS 'feature' of expiring
> a domain in case of the master being unavailable.
> For PowerDNS, implementing this requires actual work either in terms of
> performing more SQL queries, or actually deleting a zone after a while.
> Do people really care a lot?
Well someone has to be responsible for cleaning up the lame
delegation; either the slave or the master. Frankly even though I
brought it up, I am OK with the master being responsible for doing the
clean up; the master should know who's slaving from them and be smart
enough to tell those slaves when things change.

Where this can really be a problem is in a mixed Bind and PowerDNS
environment where your internal PowerDNS recursors have some out of
date auth. data and refer clients to your Bind auth. servers that
promptly return ServFail to the client.

In this situation your clients end up going nowhere when requesting
legitimate domains and your auth. servers receive more bogus traffic.

For my part, once we go full PowerDNS everything will look fine, even
though the problem will still exist, so we will have to do some manual
cleanup of the lame zones, but that's really not too much work.

Augie Schwer - Augie at Schwer.us - http://schwer.us
Key fingerprint = 9815 AE19 AFD1 1FE7 5DEE 2AC3 CB99 2784 27B0 C072