[nsd-users] Trying to understand a SERVFAIL

Pim van Pelt pim at ipng.nl
Sun Jan 31 14:39:11 UTC 2010

Hoi Wouter, Colleagues,

On Fri, Jan 1, 2010 at 1:07 AM, W.C.A. Wijngaards <wouter at nlnetlabs.nl> wrote:
> Hash: SHA1
> Hi Pim, Jeremy,
> This response looks like a corner case.  I think it may trigger that bad
> behaviour in some resolvers.  This may be something that is caused by
> new 'Kaminksy-era-paranoia' fixes in resolvers.
I have seen the unwanted behavior in second zone that I loaded from a
bind9 authorative to an nsd one:
$ORIGIN sixxs.net.
m NS ns1 NS ns2 NS ns3
tic CNAME tic.m

and m.sixxs.net runs on the bind9 authoritative servers. A query
coming to tic.sixxs.net fails, when the NSD gets it, it serves out a
reply but it is not understood by all resolvers.

I think this is an issue that can likely be fixed in NSD even if it is
an issue also in bind (resolver). Where can I file a bug against it?
Should this discussion be brought broader (so the teams can hash it
out amongst themselves how to best fix it?). If so - can you help me
get the right people aligned? I've not posted to name droppers lists
since quite a few years ;)

Pim van Pelt <pim at ipng.nl>
PBVP1-RIPE - http://www.ipng.nl/

More information about the nsd-users mailing list