Long uptimes.

Andy Bradford amb-plugg at bradfords.org
Wed Dec 23 13:10:59 MST 2009


Thus said Shane Hathaway on Wed, 18 Nov 2009 11:01:55 MST:

> I can't resolve folklore.org either.  The problem is unrelated to BYU.

The domain is  poorly delegated and seriously  misconfigured. I'm amazed
that a DNS resolver is able to resolve  it at all. RFC 1035 and RFC 1034
clearly define an NS record as a ``host name'' or a ``domain name,'' but
folklore.org's  authoritative  DNS  servers  clearly  violate  this  and
publish what appears to be an IP address instead of a name.

From RFC 1035:

------------------------------------------------------------------------
Section 3.3. Standard RRs

The following RR definitions are expected to occur, at least
potentially, in all classes.  In particular, NS, SOA, CNAME, and PTR
will be used in all classes, and have the same format in all classes.
Because their RDATA format is known, all domain names in the RDATA
section of these RRs may be compressed.

<domain-name> is a domain name represented as a series of labels, and
terminated by a label with zero length.  <character-string> is a single
length octet followed by that number of characters.  <character-string>
is treated as binary information, and can be up to 256 characters in
length (including the length octet).

Section 3.3.11. NS RDATA format

    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    /                   NSDNAME                     /
    /                                               /
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

where:

NSDNAME         A <domain-name> which specifies a host which should be
                authoritative for the specified class and domain.

NS records cause both the usual additional section processing to locate
a type A record, and, when used in a referral, a special search of the
zone in which they reside for glue information.
------------------------------------------------------------------------

So,  given   the  following   information  provided   by  folklore.org's
authoritative DNS servers, what should a DNS resolver do?

dnsq a www.folklore.org 202.157.182.142
1 www.folklore.org:
77 bytes, 1+1+1+0 records, response, authoritative, noerror
query: 1 www.folklore.org
answer: www.folklore.org 3600 A 206.184.208.53
authority: folklore.org 3600 NS 206.184.208.2

Should it  treat 206.184.208.2 as a  domain name (which is  what the RFC
says will  be included in  an NS  record)? Or should  it treat it  as an
undefined situation? Or should it try  to be ``lenient'' on the clueless
admin? Given the latter, what would  happen then if someone actually did
happen to  own a  DNS name of  208.2 and tried  to delegate?  Would said
``lenient'' software be able to resolve that domain?

Indeed,  if you  ask the  root DNS  servers they  tell you  NXDOMAIN for
206.184.208.2,  which  they should  because  nobody  currently has  that
domain registered.

I'm  not at  all surprised  that some  people are  able to  resolve this
domain while others are not. The domain is clearly broken.

Andy


-- 
[-----------[system uptime]--------------------------------------------]
  1:10pm  up  1:55,  2 users,  load average: 1.18, 1.18, 1.21
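
An added example, not part of the original post: a minimal Python check that decodes the NSDNAME field of each NS record in a DNS response and flags targets that are dotted quads, the condition shown in the dnsq output above. The response bytes are constructed from the records in that output rather than captured, and all function names are illustrative.

```python
import struct

def encode_name(name):  # dotted string -> uncompressed DNS labels
    return b"".join(bytes([len(lab)]) + lab.encode() for lab in name.split(".")) + b"\x00"

def read_name(msg, pos):
    """Decode a (possibly compressed) <domain-name>; return (name, next_pos)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[pos]
        if length & 0xC0 == 0xC0:                 # compression pointer
            end = pos + 2 if end is None else end
            pos = ((length & 0x3F) << 8) | msg[pos + 1]
            hops += 1
            if hops > 16:                         # refuse pointer loops
                raise ValueError("compression pointer loop")
        elif length == 0:                         # root label ends the name
            return ".".join(labels), (pos + 1 if end is None else end)
        else:
            labels.append(msg[pos + 1:pos + 1 + length].decode("ascii"))
            pos += 1 + length

def is_ipv4_literal(name):
    parts = name.split(".")
    return len(parts) == 4 and all(p.isdigit() and int(p) < 256 for p in parts)

def ns_targets_that_are_addresses(msg):
    """Return (owner, NSDNAME) pairs whose NSDNAME is a dotted quad."""
    qd, an, ns, ar = struct.unpack("!4H", msg[4:12])
    pos = 12
    for _ in range(qd):                           # skip the question section
        pos = read_name(msg, pos)[1] + 4
    bad = []
    for _ in range(an + ns + ar):
        owner, pos = read_name(msg, pos)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        if rtype == 2:                            # NS record
            target = read_name(msg, pos + 10)[0]
            if is_ipv4_literal(target):
                bad.append((owner, target))
        pos += 10 + rdlen
    return bad

# Constructed response (not a capture) carrying the records from the dnsq output.
NS_RDATA = encode_name("206.184.208.2")           # four labels: a name under TLD "2"
SAMPLE = (struct.pack("!6H", 1, 0x8400, 1, 1, 1, 0)
          + encode_name("www.folklore.org") + struct.pack("!2H", 1, 1)
          + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 3600, 4) + bytes([206, 184, 208, 53])
          + b"\xc0\x10" + struct.pack("!HHIH", 2, 1, 3600, len(NS_RDATA)) + NS_RDATA)
```

On the wire the NS target is just four labels, so a resolver following RFC 1035 looks up a host named 206.184.208.2 rather than connecting to that address.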




