the issue was originally raised on [EMAIL PROTECTED]
there are name server implementations (probably load balancing product)
that responds with NXDOMAIN, when it should respond with NOERROR with
empty reply. one example is news.bbc.co.uk. this symptom not only
confuse IPv6-ready client resolvers, but also has bad effect against
negative caching and email delivery (if MX is responded with NODOMAIN).
do you know:
- name of particular implementation which have/had this bug?
- other examples of nameservers that behave like this?
(windowsupdate.microsoft.com behaved like this in Feb 2002, but
they are already fixed)
- how can we get people to fix it? (client side workaround should
not be populated, just to be sure)
itojun
% dig news.bbc.co.uk.
; DiG 9.1.2 news.bbc.co.uk.
;; global options: printcmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 60945
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;news.bbc.co.uk.IN
;; ANSWER SECTION:
news.bbc.co.uk. 1770IN CNAME newswww.bbc.net.uk.
;; Query time: 2362 msec
;; SERVER: 127.0.0.1#53(0.0.0.0)
;; WHEN: Thu Apr 25 11:25:45 2002
;; MSG SIZE rcvd: 62
% dig news.bbc.co.uk. a
; DiG 9.1.2 news.bbc.co.uk. a
;; global options: printcmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 11225
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;news.bbc.co.uk.IN A
;; ANSWER SECTION:
news.bbc.co.uk. 1761IN CNAME newswww.bbc.net.uk.
newswww.bbc.net.uk. 300 IN A 212.58.240.33
;; AUTHORITY SECTION:
bbc.net.uk. 14360 IN NS ns0.thny.bbc.co.uk.
bbc.net.uk. 14360 IN NS ns0.thdo.bbc.co.uk.
;; ADDITIONAL SECTION:
ns0.thdo.bbc.co.uk. 6362IN A 212.58.224.20
ns0.thny.bbc.co.uk. 6362IN A 38.160.150.20
;; Query time: 2341 msec
;; SERVER: 127.0.0.1#53(0.0.0.0)
;; WHEN: Thu Apr 25 11:25:53 2002
;; MSG SIZE rcvd: 156
---BeginMessage---
Hi all,
We've noticed that some sites like news.bbc.co.uk are running broken DNS
servers that return NXDOMAIN for queries rather than NOERROR with
zero answers. The NXDOMAIN reply indicates that there are no records of
any type for the requested name, which is clearly not true since A records
exist and are returned with an A query.
Unfortunately, this means that applications that attempt queries are
unable to resolve addresses that reside within these broken servers. And
that includes WinXP with the IPv6 stack enabled. We would like to deploy
IPv6 on Windows XP machines here, but our users complain loudly when they
are not able to access BBC.
Has anybody found a workaround for this problem? Judging by newsgroup
messages, BBC has known about this problem for months and has neglected to
fix it. At the very least, does anybody have an idea of how widespread is
this problem? -Nathan
--
+---+-++
| Nathan Lutchansky | [EMAIL PROTECTED] | Lithium Technologies |
+--+
| I dread success. To have succeeded is to have finished one's |
| business on earth... I like a state of continual becoming, |
| with a goal in front and not behind. - George Bernard Shaw |
+--+
msg01112/pgp0.pgp
Description: PGP signature
---End Message---
