Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!usc!ucsd!ucbvax!WINNIE.CORP.HP.COM!cricket
From: cricket@WINNIE.CORP.HP.COM ("Cricket")
Newsgroups: comp.protocols.tcp-ip.domains
Subject: Re: DNS glue records and BIND 4.8
Message-ID: <9009260414.AA03428@winnie.corp.hp.com>
Date: 26 Sep 90 04:14:24 GMT
References: <106322@uunet.UU.NET>
Sender: daemon@ucbvax.BERKELEY.EDU
Distribution: inet
Organization: The Internet
Lines: 30


    We are currently having a problem caused (I think) by someone with a
    glue records for uunet.uu.net with the wrong address.  The only address
    that uunet.uu.net has is 192.48.96.2; however the address 137.39.1.2
    keeps showing up.

    We have been trying to track this down & kill it for a while now, but
    can't figure out where it is coming from.

A very sticky problem, I agree.  A friend and I tried in vain some months
ago to track down the source of an RR for aos.brl.mil with a bad dlen.

    The real problem is that named accepts non-authoratative updates for
    information that it is the authoratative server for (and thus the
    'infection' gets spread).  Named needs to be fixed to not do this.
    
Am I hallucinating, or do newer versions already do this?  I seem to
remember a message appearing on consoles 'round here that looked like:

	    datagram from 15.0.200.33 port 53, fd 5, len 347 
	    15.0.200.33 attempted update to auth zone 1 'sc.hp.com' 
	    update failed (-10)

when glue conflicted with a server's authoritative data.  (I could be
wrong - I've never personally seen the message, and I run some big
nameservers.)

cricket

hostmaster@hp.com