[Pdns-users] Re: IPv6 testers wanted for snapshot4!

Stephane Bortzmeyer bortzmeyer at nic.fr
Mon Feb 11 09:47:07 UTC 2008


On Mon, Feb 11, 2008 at 10:37:09AM +0100,
 bert hubert <bert.hubert at netherlabs.nl> wrote 
 a message of 13 lines which said:

> > This is quite dangerous. With a non-authoritative server, ANY only
> > returns what's in the cache which may be only the A or only the AAAA.
> 
> That only hits mis-configured domains though that delegate to
> non-authoritative servers.

There are a lot. There are also a lot of name servers (or rather, the
black box before them) which reply SERVFAIL to ANY queries.

But I disagree: in the process of name resolution, the recursor can
find a legitimate non-authoritative server up in the domain tree,
which has the A but not the AAAA (for instance because it is a
glue). What does PDNS recursor do here? Always check the authoritative
server?



More information about the Pdns-users mailing list