North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Is my BIND Server's Cache Poisioned ?
> i > On Thu, 30 Jun 2005, Mark Andrews wrote: > > > No. These are just a mis-configured zones. > > > > hangzhou.gov.cn only has glue records for the nameservers. > > zpepc.com.cn has CNAMEs for the nameservers. > > > > Both of these misconfigurations are visible to nameservers > > that are IPv6 aware. Nameservers that are not IPv6 aware > > are not likely to make the queries that make these > > misconfigurations visible. > > Why would these dns misconfigurations be visible only to IPV6-aware servers? Because IPv6 aware nameservers make AAAA queries for the IPv6 addresses of the nameservers and as a result see the NXDOMAIN / CNAME. The IPv4 only nameservers don't make these queries, as a matter of practice, and only see the problems if some client of the nameserver makes a query for some records with the same name as that of the nameservers. Mark > -- > William Leibzon > Elan Networks > [email protected] -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: [email protected]